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SECURITY 
UNDER 
THEGUN 


HERE’S A MYTH BUSTER: IT security professionals 
were expected to be in hot demand following the 
Sept. ll attacks, but it hasn’t happened. Flat bud- 
gets and personnel cuts are forcing many IT secu- 
rity pros to take on more work, while hiring re- 
mains soft. Find out what steps security experts 
like Cardinal Health’s John Hartmann (left) and Ed 
Daniels (right) are taking to sharpen their skills 
and protect their organizations. 

STORY BEGINS ON PAGE 36. 
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SCANDAL TO PUSH 


| Energy firms face need to revamp IT 
capabilities to monitor online trading | 


BY MICHAEL MEEHAN 

As federal investigators dig 
deeper into a scandal involving 
shady online energy trading, it 
looks as if IT departments will 


| be required to redesign the 


e-commerce systems that once 
stood out as the pride of the 
energy industry. 
Among the re- 
cent findings of 
the Federal Energy 
Regulatory Commission: En- 
ron Corp. used its trading sys- 
tems to boost profits during 
California’s 2000-01 energy cri- 
sis, and Enron and other com- 
panies in the industry conduct- 


| ed wash trades, in which they 


would buy electricity at a cer- 
tain price and immediately re- 
sell it at the same price in order 


| to inflate revenue numbers. 


| 
| 
| 
| 
| 
| 


Now, it’s widely expected 
that the IT departments of en- 


ergy trading companies will | 


have to build enough trans- 
parency into their trading sys- 
tems to let regulators “identify 
when and whether misrep- 
resentation and manipulation 


is occurring,” as | 
Chairman | 


FERC 
Pat Wood called 
for during Senate 
testimony last month. 

Industry executives are still 
waiting for the FERC to weigh 
in with specific system over- 
haul requirements, which are 
expected sometime this surn- 
mer. But according to analysts, 
the revamps could cost the in- 


dustry tens if not hundreds of | 
| reptitiously installed on corpo- 


millions of doliars over the 
next few years. 


WORKERS BLAST ITAA STUDY CLAIMS 


IT employees dispute 
report of skills shortage 
BY MELISSA SOLOMON 

With 35 years of IT experience 
and expertise in C++, Java and 
other technical skills in high 
demand, Warren MacQueen 
thinks he should have no prob- 
lem landing a job. 

But the Kansas City-area IT 
veteran said that after falling 
victim to mass layoffs at Sprint 
Corp. in November, he sent out 


100 résumés and heard back | 


from only a handful of compa- 
nies. “I don’t think that my skill 
set is inadequate,” he said. 





MacQueen is one of scores 
of IT workers who were an- 


gered by last month’s Informa- | 
tion Technology Association | 


of America report, which 
claimed there’s a shortage of 
U.S. workers with the right IT 
skills [QuickLink: 29607]. 

The study projected that de- 
spite a 5% dip in the IT job 
market last year, upward of 
1.1 million jobs will be created 
this year. However, it contin- 
ued, less than half of those will 
be filled because workers don’t 
have the right skills. Critics 
claim that there aren’t any jobs 
in sight and that the supposed 


Skills Shortage, page 16 | 





SYSTEMS REDESIGN 


Bob Menella, a trading oper- 


| ations vice president at Con 
| Edison Energy Inc., said the 


White Plains, N-Y.-based com- 
pany will probably hold off on 
any future IT projects until the 
FERC issues its findings and 
requirements. 

“We're at the point now 
where we're trying to figure 
out what the ground rules are 
going to be,” Menella said. 

Online Trading, page 65 


NETS EXPOSED BY 
ROGUE THREATS 


Wireless access points 
can be Achilles’ heel 


BY BOB BREWIN 
Unauthorized wireless LAN ac- 
cess points that are being sur- 


rate networks pose a dangerous 
and little understood security 
threat to companies, users and 

analysts warned last week. 
Called “rogue APs,” these ac- 
cess points are usually installed 
without the knowledge of the 
IT department by employees or 
branch office and plant man- 
agers who want the mobile con- 
venience provided by 802.1lb, 
or Wi-Fi, wireless LANs. But 
even technology vendors 
agreed that when this happens, 
easily exploitable holes are 

opened in wired networks. 
Delphi Corp. is one user that 
takes the threat seriously. Ac- 
cording to Chuck Maiorana, 
Delphi’s director of communi- 
cations engineering, the Troy, 
Mich.-based manufacturer of 
automotive electronic compo- 
Rogue Threats, page 65 
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ra THE POWER OF IT 


The 2002 Computerworld Honors awards 
showcase the people and companies 
leading the IT revolution. PAGE 26 


SETTING THE RIGHT PRICE 


Revenue optimization technology helps 
firms set prices for maximum profitability, 
but training and good historical transaction 
data are necessary to deliver results. PAGE 48 
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NEWS 6 


6 Informix dataisase customers 

say they’re happy about IBM’s up- 
grade promises, but they’d like to 
see better marketing and support. 


7 Four Linux vendors are devel- 
oping a unified version of the oper- 
ating system, but market leader 
Red Hat isn’t involved. 


8 The safe harbor agreement that 
indemnifies U.S. companies from 
European data privacy laws still 
isn’t attracting many takers. 


8 After a weak first quarter and 
recent management changes, SAP 
will try to regain momentum with 
users at its Sapphire conference. 


9 Some high-profile retailers 
aren’t fully securing wireless LANs 
in their stores, but they say that 
no sensitive data is being exposed. 


BREAKING NEWS 


For breaking news, updated twice daily, visit 


QuickLink: a1510 
www.computerworld.com 








BUSINESS = 33 


33 Paul A. Strassmann says 

that CIOs must pass three tests at 
budget review time in order to sur- 
vive in their jobs and stay on their 
career paths. 


40 Online knowledge manage- 
ment communities that tap staff 
expertise and resolve problems 

for field service workers are gen- 
erating solid payback for companies 
such as oil services giant Schlum- 
bergerSema and Clarica Life Insur- 
ance Co. 


42 Leaders who fail to recognize 
the dangers of organizational 
change are setting themselves up 
for a fall, says Harvard Business 
Review author Ronald A. Heifetz. 


44 Career Adviser Fran Quittel 
counsels a software engineer who 
wants to know more about his 
rights when switching jobs and 

a criminal justice IT professional 
who’s considering a career change 
to computer forensics. 


TECHNOLOGY 47 


47 Some often-overlooked pro- 
gramming languages — including 
Perl, PHP, Python and Ruby — 
could ease the way for Web devel- 
opers, according to columnist 
Nicholas Petreley. 


52 Emerging Technologies: 
New disk-based backup systems 
are promising to provide faster 
restoration at prices that are com- 
petitive with tape. 


54 QuickStudy: Replication 

is the process of producing dupli- 
cate copies of a company’s enter- 
prise data for content distribution, 
disaster recovery and other busi- 
ness needs. Learn more in this 
week’s tutorial. 


56 Security Journal: Cutting 
the cost of remote access while 
maintaining security standards 
is no easy task, but it’s a neces- 
sary one in the current business 
climate, says security manager 
Vince Tuesday. 
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OPINIONS 24 


24 Maryfran Johnson writes of 
the “everyday miracles” IT organi- 
zations accomplish and how they 
are easy to overlook amid a bat- 
tered economy and the weightier 
concerns of a changed world. 


24 Pimm Fox says business intelli- 
gence software is proliferating be- 
cause IT is lowering the cost and 
driving the trend of delivering 
more reports to more people. 


25 Thornton May notes it’s the 
quality of the boss — not the 
money — that causes IT profes- 
sionals to hunt for new jobs. 


66 Frank Hayes says California 
state officials are sure to undergo 

a nasty grilling after a hacker com- 
promised state payroll data. He 
offers answers to the questions 
they’ll likely face. 
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How to Contact CW 64 
Company Index 64 
Shark Tank 66 
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AND THE WINNERS... . 


Log on Tuesday to find out the win- 
ners in this year’s Computerworld 
Honors program. Awards will be 
announced Monday at a ceremony 
in Washington. 


QuickLink: a2050 


‘SHOULD | ASK 
FOR MORE MONEY?’ 


A community member is asked to 
move into a more demanding job, 
but no mention has been made of a 
pay increase. Should he ask for one? 


Post your opinions and see what 
others have to say in our online 
discussion forums. 


QuickLink: a2110 


IT'S NOT EASY 


Privacy laws give people the right 
to access personal data that compa- 
nies have collected about them. 
But columnist Jay Cline questions 
whether that’s feasible. 

QuickLink: 30214 


WHAT'S A QUICKLINK? 


On some pages in this issue, 

you'll see a QuickLink code 
pointing to additional, related con- 
tent on our Web site. Just enter that 
code into our QuickLink box online, 
which you'll see at the top of each 
page on our site. 


Use QuickLinks to see related sto- 
ries, discussion forums, research 
links, archives and more. 








States Denied on 
Microsoft E-Mail 


The judge overseeing the remedy 
phase of the Microsoft Corp. anti- 
trust case rejected a last-minute bid 
by the nonsettling states to enter 
into evidence an internal Microsoft 
e-mail message that suggested the 
company take “underground” retal- 
iatory actions against Linux-friendly 
PC makers. U.S. District Court 
Judge Colleen Kollar-Kotelly said 
admission of the message “would 
substantially prejudice Microsoft.” 


Firepond to Restate 
Results After Fraud 


Firepond Inc., a Waltham, Mass.- 
based developer of sales and cus- 


tomer service software, said it plans 
to revise the financial results for the | 


first two quarters of its current fis- 
cal year after discovering several 
fraudulent sales transactions. The 
company blamed the problems on 
one employee and said it fired the 
worker last Wednesday after con- 
ducting an internal investigation. 


Security Holes Close 
U.K. Tax Service 


The U.K. government's tax depart- 
ment shut down an Internet-based 
tax self-assessment service be- 
cause of security breaches that let 
some users see the personal data of 
other individuals. The Inland Rev- 
enue department said the problem 
was caused by flaws in an electron- 
ic form used to file taxes online. The 
agency was unable to say how long 
it will take to fix the service. 


Lucent Technologies Inc. in Murray 
Hill, N.J., said it completed a deal to 
off-load manufacturing of optical 
networking systems to Solectron 
Corp. in Milpitas, Calif. Solectron 


will build the products at a Lucent- 
owned plant in North Andover, Mass. 
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Informix Users: IBM Mostly 
Making the Right aan 


Commitment to databases lauded, but 
marketing, support raise some concerns 


BY MARC L. SONGINI 
EARLY A YEAR 
after it bought 
Informix Corp.'s 
database opera- 
tions, IBM con- 

tinues to make moves that are 

keeping members of the in- 
stalled base it inherited happy 

— though not without some 


concerns about issues such | 


as marketing and 
technical support. 

While some In- 
formix customers 
initially feared that 
IBM was just try- 


Ea Cla Plats) as 


Stamford, Conn 
based Gartner Inc. says 
Informix database sales 


ture used for its other software. 

IBM’s approach has left 
Informix customers largely 
complaint-free thus far, ac- 
cording to James Governor, an 
analyst at Nashua, N.H.-based 
consulting firm Illuminata Inc. 
“IBM has done sickeningly 
well,” Governor said with irony. 

IBM has shown a surprising 
level of openness with its new 
users, said Fred 
Hubbard, _presi- 
dent of the Inter- 
national Informix 
Users Group 
(IIUG) in Menlo 


ing to find a new 
market for its own 
DB2 databases, a 
half-dozen users 
said during the 
past few weeks 
that IBM has con- 


fell from.S$290 million 
in 2000 to $264 mil 
lion last year 


ees ee rem el 
eM meme 


in Informix revenue has 


slowed since it bought 


Park, Calif. In ad- 
dition, the up- 
grades_ released 
by IBM have been 
sturdier and less 
buggy than In- 
formix was able 





vinced them that MRC 
it’s committed to 
maintaining the Informix prod- 
uct portfolio. 

IBM has delivered 20 In- 
formix upgrades since buying 
the technology for $1 billion 
last July, most notably Version 
9.3 of the flagship Informix Dy- 
namic Server (IDS) software 
(see story below). And in 
April, the company put the In- 
formix products under the 
same software licensing struc- 


to deliver, Hub- 
bard said. IBM 
has even outlined develop- 
ment plans two to three releas- 
es in advance, something In- 
formix never did, he added. 
However, Hubbard and sev- 
eral Informix users cited some 
issues. For example, the In- 
formix software continued to 
lose market share last year, and 
some users said IBM isn’t mar- 
keting the databases effectively 
enough to keep customers from 


More Informix Upgrades in the Works 


Looking to demonstrate its commit- 
ment to the Informix user base, IBM 
has made a series of enhancements 
to the product line that it acquired 

Ti months ago and said it has more 
upgrades on the way. 

The biggest step taken by IBM 
thus far has been the release of Ver- 
sion 9.3 of IDS last fall, with new 
features such as a bundled set of 
database administration tools. At 


the same time, it announced a tool 
that lets IDS 9.3 share data with 
IBM's own DB2 databases. That 
was followed in November by the 
release of a so-called gold bundle 
that includes both DB2 and IDS. 

Without disclosing details, IBM 
said that it plans to release later this 
year enhanced versions of Informix's 
Red Brick data warehouse software 
and XPS parallel database. 





bolting to products from Mi- 
crosoft Corp. and Oracle Corp. 

“IBM is a silent company in 
many ways,” Hubbard said. “I 
wish it was not as low-key and 
demure from a marketing per- 
spective. They’re not telling 
their story as loudly as I be- 
lieve they should.” 

An IBM spokeswoman said 
that the company has spon- 
sored newsletters and user fo- 
cus groups for Informix custo- 
mers and that executives have 
been visiting users. “Our No. 1 
objective is to show these cus- 
tomers we are committed to 
them,” she said. 

Technical support for In- 
formix databases is still good 
under IBM, said Mac Horn, an 
IIUG board member and a 
database services administra- 
tor at a software vendor that 
uses IDS to support its cus- 
tomers. But now, “you may 
have to go through one or two 
more layers to get the right peo- 
ple,” said Horn, who asked that 
his company not be identified. 

Warren Donovan, a senior 
database administrator at Sci- 
ence Applications Internation- 
al Corp. (SAIC) in Oak Ridge, 
Tenn., said it’s difficult to get 
Informix performance bench- 
mark data from IBM. Assis- 
tance on tests that compare 
DB2 and Informix is also tough 
to come by, Donovan said. 

Without head-to-head data, 
it’s hard to recommend one 
over the other, he said. Dono- 


But Colleen Graham, an analyst 
at Gartner Inc. in Stamford, Conn., 
said she views IBM's current ap- 
proach as a short-term strategy. 
“While IBM claims they will continue 
to support customers on the In- 
formix products, they have also 
made it clear that DB2 is their flag- 
ship product, and they want custo- 
mers to migrate to DB2,” she said. 

An IBM spokeswoman acknowl- 
edged that the company “is leading 
with DB2.” But, she said, it plans to 
enhance individual Informix prod- 





IBM is a silent 
company in 
many waYSs.... 
They’re not 
telling their 
story as loudly 
as I believe 
they should. 


FRED HUBBARD, PRESIDENT, 
INTERNATIONAL INFORMIX 
USERS GROUP 


van manages an Informix data- 
base for a client of SAIC, 
which does IT engineering and 
systems integration work. 

The IBM spokeswoman said 
the company is combining its 
separate DB2 and Informix 
support groups to try to pre- 
vent users from getting con- 
nected to people who can’t help 
them. Another company offi- 
cial said that IBM offers 
Informix benchmark data to 
individual customers. D 


KNOWLEDGE CENTER 


Data Management: For additional 
resources related to databases, visit: 


QuickLink: k1800 
www.computerworld.com 


ucts every 18 months to meet the 
needs of users who don’t want to 
switch databases. “Customers are 
not going to be forced to migrate to 
DB2,” she said. 

The message that Informix data- 
base development will continue for 
the foreseeable future was also de- 
livered by Tom Rosamilia, IBM's vice 
president of worldwide data man- 
agement development, in a speech 
at the International DB2 Users Group 
conference last month. 

- Marc L. Songini 
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Vendors Team Up to Merge Linux Releases 


But absence of Red Hat leaves questions 


BY TODD R. WEISS 

A standardized enterprise- 
only version of Linux is being 
built by four vendors that are 
aiming to improve the open- 
source operating system’s ap- 
peal to businesses. But Red Hat 
Inc., the top Linux vendor in 
the US., isn’t involved. 

Caldera International Inc., 
SuSE Linux AG, Conectiva SA 
and Turbolinux Inc. joined last 
week with more than a dozen 
hardware and software ven- 
dors, including IBM, Hewlett- 
Packard Co., Advanced Micro 
Devices Inc. and Intel Corp., to 
announce that they plan to of- 
fer a uniform Linux distribu- 
tion by the end of the year. 





Caldera, SuSE, Turbolinux 
and Conectiva said they hope 
to streamline application de- 
velopment by software ven- 
dors. By standardizing, they 
said, vendors will have to certi- 


| UnitedLinux 


Recent Breaches Raise 


Specter of Liability Risks 


Security incidents 
could spur suits, 
analysts caution 


BY JAIKUMAR VIJAYAN 
Organizations that fail to show 
due diligence when it comes 
to protecting their data assets 
face a very real risk of legal 
problems in the not-too-dis- 
tant future, analysts said. 

The renewed caution comes 
in the wake of last 
week’s news that 
hackers broke into 
a California state 
personnel database 
and gained access 
tc financial and 
other confidential personal in- 
formation on all 265,000 state 
government employees, in- 
cluding Gov. Gray Davis. 

Incidents like this and the 
recent theft of more than 
13,000 confidential records 
from Costa Mesa, Calif.-based 
Experian, a major credit re- 


see page 18. 





LINK LIABILITIES 


Companies need to monitor 
their own security setups and 
those of business partners, 


— 


porting agency, are shining the 
spotlight more brightly than 
ever on liability issues for com- 
panies doing business over the 


Internet, warned Michael Ras- | 


mussen, an analyst at Giga In- 
formation Group Inc. in Cam- 


| bridge, Mass. 


“The whole issue has gotten 
to ascale where companies face 
a real risk of legal liability,” 


Rasmussen said. “There are go- | 


ing to be landmark cases where 
people are going to be suing 
other people. That is what 
is finally going to 
get the attention of 
companies.” 

In the California 
incident, a hacker 
broke into a data- 
base housed at the 
state’s Stephen P. Teale Data 
Center in Rancho Cordova and 
accessed names, Social Secu- 
rity numbers and payroll infor- 
mation for everyone from 
office workers to judges. 

The break-in occurred April 5 
and was discovered by the 
state controller’s office May 7, 








fy their applications for fewer 
Linux releases. 


The unified system, called | 


UnitedLinux, will be sold and 
supported by each of the four 
vendors. Raleigh, N.C.-based 
Red Hat wasn't initially invited 
to join the project, but the par- 
ticipants said it’s now open to 
all Linux vendors. 

Mike Prince, CIO at clothing 
retailer Burlington Coat Facto- 
ry Warehouse Corp. in Burling- 
ton, N.J., which uses Red Hat 
and SuSE versions of Linux, 
said he hopes this isn’t just an 
anti-Red Hat marketing strat- 
egy being camouflaged as a 
push for progress. 

“If it’s a move to consolidate 
Linux, then I’m all for it,” 
Prince said. “But if it’s a move 
to go after Red Hat, then I 


but it wasn’t disclosed to the 
public or the state employees 


until May 24. 


The handling of the incident 
has provoked criticism from 
the California Union of Safety 
Employees (CAUSE), which 
slammed state controller Kath- 
leen Connell for the delay in 
informing victims that their 
personal informatien had been 
compromised. 

“Tt is an outrage that the con- 
troller herself has been negli- 
gent in recognizing the peril 


| think it’s contrary to what the 


munity should be.” 


success of the effort uncertain. 

George Weiss, an analyst at 
Gartner Inc. in Stamford, 
Conn., said it could mean that 
two separate standardization 
movements will take hold. Red 
Hat already has alliances of its 
own with 80 business partners 
as part of its corporate adop- 
tion strategy, making it less 


in the future, he said. 

“I personally think it would 
be a comedown for Red Hat, 
because then they become just 
another member,” Weiss said. 
“I’m not sure that they’re going 
to come easily to this party.” 

Bill Claybrook, an analyst at 
Aberdeen Group Inc. in Bos- 
ton, said he has reservations 
about how the initiative can in- 





posed by this high-tech inva- 


a statement. 


criticism and said it had acted 
swiftly in asking the Sacramen- 
to Valley Hi-Tech Crime Task 
Force to conduct a criminal in- 
vestigation of the incident. 


and not the state controller’s 
office that is solely responsible 
for the security breach, and 
that agency has accepted full 





spirit of the open-source com- | 


Analysts said the striking ab- | 
sence of Red Hat makes the | 


likely that it will join this effort | 


sion of privacy,” CAUSE Presi- | 
| dent Alan Barcelona said in | 
| why companies need to ensure 
Connell’s office refuted the | 


“It is the Teale Data Center | 





crease revenues for the four 
partners. It could help raise 
overall user confidence in Lin- 
ux, Claybrook said. 

But if that happens, he 
added, the first vendor that 
many IT managers will likely 
think of is Red Hat, due to the 
company’s brand recognition 
and track record. “Red Hat has 
a better story to tell than the 
others,” Claybrook said. 

Mark deVisser, Red Hat's 
vice president of marketing, 
said UnitedLinux appears to be 
aimed at gaining support from 
application software vendors, 
which he claimed hasn’t been 
a problem for his company. 
“They don’t solve a problem 
that we have,” deVisser said. D 


LINUX DOWNLOAD 


For more Linux news and information, go to 
our Web site 
QuickLink: a2080 
www.computerworld.com 


responsibility,” Connell’s office 
claimed in a statement. 
Incidents such as these show 


that they are following best 
practices around information 
security, said Rick Fleming, a 
vice president at Digital De- 
fense Inc., a San Antonio- 
based security consultancy. 

“It won’t take too many more 
cases of folks enduring identi- 
ty theft or financial hardship 
for somebody to start suing,” 
he warned. D 


information] in the cache, how do 
they stop me from getting other 
things in the cache? And the an- 
swer is, they don’t.” 

Alien said he changed the 9 to 
an 8 and hit the Return key, and up 
popped someone else's statement. 
He kept changing numbers and 
sampled all the way down to 1 and 
got a hit each time. 

Flood said the pages Alien 
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Informix Users: IBM Mostly 
Making the Right Moves 


AT DEADLINE} 


States Denied on 
Microsoft E-Mail 


The judge overseeing the remedy 
phase of the Microsoft Corp. anti | Commitment to databases lauded, but 
trust case rejected a last-minute bid . ° . . 
by the nonsettling states to enter marketing, support raise some concerns 
into evidence an internal Microsoft a i _ 
e-mail message that suggested the 
company take “underground” retal- 


bolting to products from Mi- 
crosoft Corp. and Oracle Corp 
“IBM is a silent company in 
many ways,” Hubbard said. “I 
wish it was not as low-key and 
demure from a marketing per- 
spective. They’re not telling | 


ture used for its other software. 
IBM’s has left | 


| BY MARC L. SONGINI 
| | 


EARLY A 


iatory actions against Linux-friendly | 


PC makers. U.S. District Court 
Judge Colleen Kollar-Kotelly said 
admission of the message “would 
substantially prejudice Microsoft.” 


Firepond to Restate 
Results After Fraud 


Firepond Inc., a Waltham, Mass.- 
based developer of sales and cus- 


tomer service software, said it plans | 


to revise the financial results for the 
first two quarters of its current fis- 
cal year after discovering several 
fraudulent sales transactions. The 
company blamed the problems on 
one employee and said it fired the 
worker last Wednesday after con- 
ducting an internal investigation. 


Security Holes Close 
U.K. Tax Service 


The U.K. government's tax depart- 
ment shut down an Internet-based 
tax self-assessment service be- 
cause of security breaches that let 
some users see the personal data of 
other individuals. The Inland Rev- 
enue department said the problem 
was caused by flaws in an electron- 
ic form used to file taxes online. The 
agency was unable to say how long 
it will take to fix the service. 


Lucent Hands Off 
Optical Production 


Lucent Technologies Inc. in Murray 


Hill, N.J., said it completed a deal to | 


off-load manufacturing of optical 
networking systems to Solectron 
Corp. in Milpitas, Calif. Solectron 
will build the products at a Lucent- 
owned plant in North Andover, Mass. 
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| 
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database 
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bought | 


opera- | 


tions, IBM con- | 
| tinues to make moves that are | 


keeping members of the in- 
stalled base it inherited happy 


| “IBM 


though not without some | 


approach 
Informix customers largely 
complaint-free thus far, ac 
cording to James Governor, an 
analyst at Nashua, N.H.-based 
consulting firm Illuminata Inc. 
has done sickeningly 
well,” Governor said with irony. 

IBM has shown a surprising 


| ‘ : : 
concerns about issues such | level of openness with its new 


as marketing and 
technical support. 

While some In- 
formix customers 
initially feared that 
IBM was just try- 
ing to find a new 
market for its own 
DB2 
half-dozen 


databases, a 
users 
said during the 
past few weeks 
that IBM has con- 
vinced them that 
it’s committed to 


EV a lags Ela cles 


® Stamford, Conn.- 

Pe RSr atm MSN bs 
CUE Mec Le Lr etiee ica 
fell from $290 million 
in 2000 to $264 mil- 
lion last year. 


eee UE REL 
CEC CRO MCR om i 
in Informix revenue has 
slowed since it bought 
the databases. 


maintaining the Informix prod- | 


uct portfolio. 

IBM 20 In- 
formix upgrades since buying 
the technology for $1 billion 
last July, most notably Version 
9.3 of the flagship Informix Dy- 
Server (IDS) software 
below). And 
April, the company put the In- 
formix under the 
same software licensing struc- 


has delivered 


namic 


(see story 


products 


users, said Fred 
Hubbard, _ presi- 
dent of the Inter- 
national Informix 
Users Group 
(IIUG) in Menlo 
Park, Calif. In ad- 
dition, the up- 
grades released 
by IBM have been 
sturdier and less 
than In- 
was able 


Hub- 


buggy 
formix 
to 
bard 
outlined 


deliver, 
said. 
has 


even develop- 


| ment plans two to three releas- 


es in advance, something In- 
formix never did, he added. 
However, Hubbard and sev- 


eral Informix users cited some | 


issues. For example, the In- 


| formix software continued to 


in | 


lose market share last year, and 
some users said IBM isn’t mar- 
keting the databases effectively 
enough to keep customers from 


More Informix Upgrades in the Works 


Looking to demonstrate its commit- 
ment to the Informix user base, IBM 
has made a series of enhancements 
to the product line that it acquired 

Tl months ago and said it has more 
upgrades on the way. 

The biggest step taken by IBM 
thus far has been the release of Ver- 
sion 9.3 of IDS last fall, with new 
features such as a bundled set of 
database administration tools. At 


the same time, it announced a tool 
that lets IDS 9.3 share data with 
IBM's own DB2 databases. That 
was followed in November by the 
release of a so-called gold bundle 
that includes both DB2 and IDS. 

Without disclosing details, IBM 
said that it plans to release later this 
year enhanced versions of Informix's 
Red Brick data warehouse software 
and XPS parallel database. 


IBM | 


their story as loudly as I be- 


| lieve they should.” 


An IBM spokeswoman said 


that the company has spon- 


sored newsletters and user fo- | 
cus groups for Informix custo- 
mers and that executives have 
been visiting users. “Our No. 1 


objective is to show these cus- 


tomers we are committed to 


them,” she said. 


Technical support for 


IIUG board member 


tor at a software vendor that 


uses IDS to support its cus- 
may 
have to go through one or two 


tomers. But now, “you 
more layers to get the right peo- 
ple,” said Horn, who asked that 
his company not be identified. 


Warren 


database administrator at Sci- 


ence Applications Internation- 


al Corp. (SAIC) in Oak Ridge, 


Tenn., said it’s difficult to get 
Informix performance bench- 
mark data from IBM. 


tance on tests that compare 
DB2 and Informix is also tough 


to come by, Donovan said. 


Without head-to-head data, 


it’s hard to recommend one 
over the other, he said. Dono- 


| But Colleen Graham, an analyst 

| at Gartner Inc. in Stamford, Conn., 

said she views IBM's current ap- 

| proach as a short-term strategy. 

| “While IBM claims they will continue 
to support customers on the In- 

| formix products, they have also 

made it clear that DB2 is their flag- 

| ship product, and they want custo- 

| mers to migrate to DB2,” she said. 

An IBM spokeswoman acknowl- 
edged that the company “is leading 
with DB2.” But, she said, it plans to 
enhance individual Informix prod- 


In- 
formix databases is still good 
under IBM, said Mac Horn, an 
and a 


database services administra- 


Donovan, a senior 


Assis- 





IBM is a silent 
company in 
many ways. ... 
They’re not 
telling their 
story as loudly 
as I believe 
they should. 


FRED HUBBARD, PRESIDENT, 
INTERNATIONAL INFORMIX 
USERS GROUP 


van manages an Informix data- 
base of SAIC, 
which does IT engineering and 
systems integration work. 

The IBM spokeswoman said 
the company is combining its 
separate DB2 and Informix 
support groups to try to pre- 
vent users from getting con- 
nected to people who can’t help 
them. Another company offi- 
cial said that IBM _ offers 
Informix benchmark data 
individual customers. D 


KNOWLEDGE CENTER 


For additional 

resources related to databases, visit 
QuickLink: k1800 

www.computerworld.com 


for a client 


to 


ucts every 18 months to meet the 
needs of users who don’t want to 
switch databases. “Customers are 
not going to be forced to migrate to 
DB2,” she said. 

The message that Informix data- 
base development will continue for 
the foreseeable future was also de- 
livered by Tom Rosamilia, IBM's vice 
president of worldwide data man- 
agement development, in a speech 
at the International DB2 Users Group 
conference last month. 

- Marc L. Songini 
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Vendors Team Up to Merge Li 


But absence of Red Hat leaves questions 


BY TODD R. WEISS 
A_ standardized 
only version of Linux is being 
built by four vendors that are 


enterprise- 


Caldera, SuSE, Turbolinux 


| and Conectiva said they hope 


aiming to improve the open- | 
| said, vendors will have to certi- 


source operating system’s ap- 
peal to businesses. But Red Hat 
Inc., the top Linux vendor in 
the U.S., isn’t involved. 
Caldera International 


Inc., | 


SuSE Linux AG, Conectiva SA | 


and Turbolinux Inc. joined last 


week with more than a dozen | 


hardware and software 


ven- | 


dors, including IBM, Hewlett- | 


Packard Co., Advanced Micro 
Devices Inc. and Intel Corp., to 
announce that they plan to of- 
fer a uniform Linux distribu- 
tion by the end of the year. 


to streamline application de- 
velopment by software ven- 
dors. By standardizing, they 


The goal of the merged operating 
system is to spur new applications 
and better compatibility among 
Linux systems. 
« First version expected 

in the fourth quarter 


= Standards-based platform 
= Wide partner support 
= Variable pricing by vendors 


Recent Breaches Raise 
Specter of Liability Risks 


porting agency, are shining the 
spotlight more brightly than 


Security incidents 
could spur suits, 
analysts caution 


BY JAIKUMAR VIJAYAN 
Organizations that fail to show 
due diligence when it comes 
to protecting their data assets 
face a very real risk of legal 
problems in the not-too-dis- 
tant future, analysts said. 

The renewed caution comes 
in the wake of last 
week's that 
hackers broke into 
a California 


news 


state nse 
personnel database 
and gained 


to financial 


access 
and 
other confidential personal in- 
formation on all 265,000 state 
government employees, in- 
cluding Gov. Gray Davis. 
Incidents like this and the 
recent theft of than 
13,000 confidential 
from Costa Mesa, Calif.-based 
Experian, a major credit re- 


more 


records 


LINK LIABILITIES 


Companies need to mc 


those of business 


see page 18. 


ever on liability issues for com- 
panies doing business over the 
Internet, warned Michael Ras- 
mussen, an analyst at Giga In- 
formation Group Inc. in Cam- 
bridge, Mass. 

“The whole issue has gotten 
to a scale where companies face 
a real risk of legal liability,” 
Rasmussen said. “There are go- 
ing to be landmark cases where 
people are going to be suing 
other people. That is what 
is finally going to 


companies.” 
In the California 
partner: incident, a hacker 
broke into a data- 
base housed at the 
state’s Stephen P. Teale Data 
Center in Rancho Cordova and 
accessed names, Social Secu- 
rity numbers and payroll infor- 
mation for everyone from 

office workers to judges. 
he break-in occurred Apri! 5 
and was discovered by the 
state controller’s office May 7, 


rf 


unty setups and 


|} Linux, 


get the attention of 


NEWS 


nux Releases 


fy their applications for fewer 
Linux releases. 

The unified system, called 
UnitedLinux, will be sold and 


| supported by each of the four 


vendors. Raleigh, N.C.-based 
Red Hat wasn't initially invited 
to join the project, but the par- 
ticipants said it’s now open to 
all Linux vendors. 

Mike Prince, CIO at clothing 


| retailer Burlington Coat Facto- 
| ry Warehouse Corp. in Burling- 
| ton, N,J., 


which uses Red Hat 


and SuSE versions of Linux, 


said he hopes this isn’t just an | 
| anti-Red Hat marketing strat- 


egy being camouflaged as a 


| push for progress. 


“If it’s a move to consolidate 
then I’m all for it,” 
Prince said. “But if it’s a move 


to go after Red Hat, then I 


but it wasn’t disclosed to the 
public or the state employees 
until May 24. 

Che handling of the incident 
has provoked criticism from 
the California Union of Safety 
Employees (CAUSE), which 
slammed state controller Kath- 
leen Connell for the delay in 
informing victims that their 
personal information had been 
compromised. 

“It is an outrage that the con- 
troller herself has been negli- 
gent in recognizing the peril 


think it’s contrary to what the 
spirit of the open-source com 
munity should be.” 

Analysts said the striking ab- 
sence of Red Hat makes the 


| success of the effort uncertain. 


George Weiss, an analyst at 
Gartner Inc. in Stamford, 
Conn., 
two 


said it could mean that 
separate standardization 
movements will take hold. Red 
Hat already has alliances of its 
own with 80 business partners 
as part of its corporate adop- 
tion strategy, making it 
likely that it will join this effort 
in the future, he said. 

“I personally think it would 
be a comedown for Red Hat, 


less 


because then they become just 
another member,” Weiss said. 
“I’m not sure that they’re going 
to come easily to this party.” 
Bill Claybrook, an analyst at 
Aberdeen Group Inc. in Bos- 
ton, said he has reservations 
about how the initiative can in- 


posed by this high-tech inva- 
sion of privacy,” CAUSE Presi- 
dent Alan 
a Statement. 

Connell’s office refuted the 
criticism and said it had acted 
swiftly in asking the Sacramen- 
to Valley Hi-Tech Crime Task 
Force to conduct a criminal in- 
vestigation of the incident. 

“It is the Teale Data Center 
and not the state controller's 
office that is solely responsible 
for the security breach, and 
that agency has accepted full 


Barcelona said in 


Fidelity Canada Closes Security Hole 


Toronto-based Fidelity Investments 
Canada Ltd. said it has corrected a 
problem that allowed an Ottawa 
college professor to access static 
account information belonging to 
other customers. 

Fidelity spokeswoman Kimberly 
Flood said last week that the cause 
of the error, which affected cus- 
tomers only in Canada and data 
held on one server, is still under 
investigation. She added that the 
Web logs for the company’s site 
showed that no one else accessed 
the information. The Web site and 
server in question serves only 
17,000 customers in Canada. 

Flood said the company has of 


fered to give the 30 customers 
known to have been affected new 
passwords for their accounts. 

lan Alien, a computer professor 
at Algonquin College in Ottawa, 
brought the glitch to Fidelity Cana- 
da’s attention in an e-mail sent 
May 24. Allen said he received a 
user identification from Fidelity 
Canada in the mail and then went 
to the Web site to check his ac- 
count information. 

“I got my paper user ID, brought 
up my statement and looked up at 
the URL. | thought, that is interest- 
ing - the URL ended with cache/ 
statement799. pdf.” he said. “I 
wondered, if they put [the account 





crease revenues for the four 
partners. It could help raise 
overall user confidence in Lin- 
ux, Claybrook said. 

But if that happens, he 
added, the first that 
many IT managers will likely 
think of is Red Hat, due to the 
company’s brand recognition 
and track record. “Red Hat has 


a better story to tell than the 


vendor 


others,” Claybrook said. 

Mark Hat’s 
vice president of marketing, 
said UnitedLinux appears to be 
aimed at gaining support from 


deVisser, Red 


application software vendors, 
which he claimed hasn't been 
a problem for his company. 
“They don’t solve a problem 
that we have,” deVisser said. D 


pencil 


e QuickLink: a2080 
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it 


responsibility,” Connell’s office 
claimed in a statement. 

Incidents such as these show 
why companies need to ensure 
that they are following best 
practices around information 
security, said Rick Fleming, a 
vice president at Digital De 
Inc., a San Antonio 
based security consultancy. 

“It won't take too many more 
cases of folks enduring identi- 
ty theft or financial hardship 
for somebody to start suing,” 


fense 


he warned. D 


information] in the cache, how do 
they stop me from getting other 
things in the cache? And the an- 
swer is, they don’t.” 

Allen said he changed the 9 to 
an 8 and hit the Return key, and up 
popped someone else's statement. 
He kept changing numbers and 
sampled all the way down to 1 and 
got a hit each time. 

Flood said the pages Allen 
accessed were static Portable 
Document Format pages contain- 
ing only account information. They 
weren't interactive pages that could 
be used for transactions, she said. 

The address Allen saw wasn't 
meant to be seen, Flood said. “We 
certainly appreciate that he brought 
it to our attention,” she said. 

- Brian Sullivan 


eee | 








NEWS 


US. Firms Skipping ‘Safe Harbor’ 


About 200 companies have signed up; 
European privacy enforcement lacking 


BY PATRICK THIBODEAU 
EXT MONTH 
marks the two- 
year anniversary 
of the landmark 
U.S. and Euro- 
harbor” privacy 
agreement, which was de- 
signed to smooth data ex- 
change across the Atlantic. But 
thus far, the deal has been large- 
ly ignored by U.S. companies 
and unenforced by European 
data-protection authorities. 
Approximately 200 U.S. com- 
panies, mainly high-tech ven- 
dors, have signed up for safe 
harbor. Most of the businesses 
are small or midsize, but there 
are notable exceptions, includ- 
ing Microsoft Corp., Hewlett- 
Packard Co., Procter & Gamble 


pean “safe 





Co., Eastman Kodak Co. and 
Intel Corp. 

European Union officials last 
week said that they’re disap- 
pointed that more companies 
haven't signed up but they’re 
not giving up on the safe-har- 
bor agreement. Neither is the 
Bush administra- 
tion, according to 
officials and ex- 
perts in Europe 
and the U.S. 

Companies that 
sign up for safe 
harbor agree to follow certain 
data privacy practices, such as 
getting users’ consent to share 
their data and allowing cus- 
tomers to access their personal 
information, as well as data use 
restrictions. 


EU: U.S. Financial Law Not Enough 


WASHINGTON 

Efforts by financial services firms 
to get European authorities to rec- 
ognize U.S. financial data privacy 
tules as being on par with Eu- 
rope’s privacy protections have 
come up short, leaving the firms 
in limbo on compliance. 

Frits Bolkenstein, the European 
Union's internal markets commis- 
sioner, was in Washington last 
week to meet with U.S. officials 
on data privacy and other issues. 

According to Bolkenstein, the 
Gramm-Leach-Bliley Act doesn't 
pass the “adequacy” requirement 
under Europe's data privacy rules. 
That means that financial services 
firms face the prospect of having 
to comply with Europe’s stringent 
privacy rules, which require cus- 
tomer consent on many transac- 
tions. U.S. firms typically instate 
an “opt-out” provision. 

David Leifer, senior counsel at 
the American Council of Life In- 
surers in Washington, said the 
trade group opposes any new pri- 
vacy requirements. Citing existing 
U.S. law, Leifer said the group 
feels “that we are more than ade- 
quately regulated for privacy.” 


The personal data of European 
residents can be exported only to 
countries that offer data privacy 
protections similar enough to Eu- 
rope’s privacy rules to be deemed 
adequate. 

The U.S. government wants the 
European Union to recognize the 
Gramm-Leach-Bliley Act and other 
financial privacy laws as adequate 
protections. But Bolkenstein said 
at a meeting of the European- 
American Business Council in 
Washington that he “regrets” that 
financial services weren't included 
in the safe harbor agreement. 

Companies that sign up for safe 
harbor agree to provide European 
residents with a stringent set of 
privacy protections, such as seek- 
ing their consent before sharing 
personal information and agreeing 
to set limits on the use of the data. 

Bolkenstein cited a number of 


with affiliates. A U.S. Department of 
the Treasury official didn't respond 
to Bolkenstein's comments but said 

- Patrick Thibodeau 
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There’s no question that Eu- 
rope’s privacy rules are here to 
stay. But European authorities, 
with few exceptions, haven't 
been aggressively enforcing 
their rules, even against busi- 
nesses in their own countries. 

Privacy observers in Ger- 
many and England said data- 
protection authorities don’t 
have the staff to enforce priva- 
cy laws. England is levying 
small fines against violators, 
but German priva- 
cy rules are so 
complex that it’s 
impossible for lo- 
cal companies to 
fully comply, said 
Florian Baum, an 
attorney at Brobeck Hale and 
Dorr in Munich. “Nobody, real- 
ly, is very eager to follow those 
rules,” he said. 

In the U.S., a company that 
violates its stated privacy poli- 
cy is subject to Federal Trade 
Commission enforcement ac- 
tion. Some experts suggested 
that U.S. businesses are avoid- 
ing safe harbor because they 
fear that saying they comply 
with its stringent terms is akin 
to painting a bull’s-eye on 
their companies and inviting 
inspection. 

Scott Salley, chief privacy 
executive at McKesson Corp., 
said that fear is what’s holding 
U.S. companies back. Nonethe- 
less, his San Francisco-based 
health care products firm has 
signed up for safe harbor. 


Self-Certification Difficult 


Companies that adopt safe 
harbor self-certify that they’re 
in compliance, but that’s not 
necessarily an easy process. 

McKesson created a multi- 
departmental task force to re- 
view its data practices, which 
led to new rules on data access 
and a procedure for annual au- 
diting. It was an opportunity 
to centralize corporate privacy 
practices, said Salley. 

There are alternatives to safe 
harbor. Companies can use in- 
dividual contracts stipulating 
privacy protections. But Salley 
said safe harbor’s blanket cov- 
erage is more attractive. 





“We need something in 
place,” he said. “If people blow 
off safe harbor, what are you 
going to do then?” 

Despite questions about the 
future of safe harbor, the Bush 
administration supports the 
agreement, which was adopted 
during the Clinton presidency. 

“The safe-harbor program 
is one of the easiest, most effi- 
cient ways for U.S. companies 
to comply with the European 
directive on data protection,” 
said Michele O’Neil, deputy 
assistant secretary for IT at 
the U.S. Department of Com- 
merce. D 
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SAP Looks to Regain User 
Confidence at Conference 


New CRM, supply 
chain software due 


BY MARC L. SONGINI 
SAP AG has no shortage of 
challenges to contend with as 
it comes face to face with users 
of its applications this week. 
Following a tough first quar- 
ter and the announcement two 
weeks ago of management 
changes at its U.S. subsidiary, 


SAP will try to pick up some |; 


momentum with customers at 
its Sapphire 02 user confer- 
ence in Orlando. The company 
said it plans to announce en- 
hancements to some of the 
key applications in its Web- 
enabled mySAP.com suite. 

The rollouts will include up- 
grades of SAP’s customer rela- 
tionship management (CRM) 
and supply chain management 
software, according to a spokes- 
man at SAP America Inc. in 
Newtown Square, Pa. The 
spokesman, who said the com- 
pany will also announce some 
new customer contracts at Sap- 
phire, declined to disclose de- 
tails about the functionality be- 
ing added to the products. 

In addition, he said that new 





worldwide sales chief Leo 
Apotheker is expected to out- 
line his plans and goals for the 
U.S. market at Sapphire. Apo- 
theker last month was given 
responsibility for global field 
operations and named acting 
head of SAP America. Wolf- 
gang Kemna, who had been 
CEO of the U.S. unit, was shift- 
ed to a new job as executive 
vice president of global initia- 
tives within SAP. 

Those changes followed a 
year-to-year decline of 28% 
in software license revenue at 


It would be 
great to see 
some more 
stability in 
[SAP’s] manage- 
ment team here 
in the U.S. 


DAVE BENT, CIO, ACTERNA CORP. 
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Retailers Defend Low-Level Security on Wireless LANs 


Companies say they’re not concerned 
because sensitive data remains secure 


BY BOB BREWIN 

More high-profile retail chains 
are being fingered by white-hat 
hackers for not fully securing 


wireless LANs installed in their | 


stores. But several retailers said 
they’re not exposing any sensi- 
tive data, and some security an- 
alysts agreed that the risks 
don’t appear to be great. 

While retailers have quickly 
embraced wireless LAN tech- 
nology to support applications 


SAP America during the first 
quarter. As a whole, SAP re- 
ported a 40% drop in net profit 
for the quarter, to $56.6 million, 
although total revenue in- 
creased by 9% to $1.6 billion. 

“It would be great to see 
some more stability in the 
management team here in the 
US.,” said Dave Bent, CIO at 
Acterna Corp., a Germantown, 
Md.-based communications test 
equipment maker. Acterna 
uses SAP’s R/3 enterprise re- 
source planning applications 
and CRM software. 

“I just hope they 
change too much at once,” 
Bent added. “They have people 
who have established strong 
customer relationships, which 
need to be preserved.” 

SAP hasn’t measured up to 
its own expectations in the 
U.S. market, said David Do- 
brin, an analyst at Cambridge, 
Mass.-based consulting firm 
B2B Analysts. “SAP is facing a 
number of serious operational 
issues, not least of which is an 
inability to meet sales targets 
in the U.S.,” Dobrin said. 

On the CRM front, 
wants to challenge rivals such 
as San Mateo, Calif.-based 
market leader Siebel Systems 
Inc. But SAP still has yet to 
have much success at selling 
its CRM software outside the 
R/3 installed base, said Erin 


don’t 


SAP | 


Kinikin, an analyst at Giga In- | 


formation Group Inc. in Cam- 
bridge, Mass. D 


such as inventory control and 
pricing management, officials 
at companies such as CVS 
Corp. and The Home Depot 
Inc. last week said that bullet- 
proof security isn’t currently 
seen as a must-have item. 

For example, a 
security consultant 
last week claimed 
that Woonsocket, 
R.I.-based CVS was 
operating unen- 
crypted LANs in 
the Raleigh/Dur- 
ham area in North Carolina. 

Alan Clegg, who works at 
Firehouse Network Consulting 
in Apex, N.C., said he detected 
numerous CVS that 
didn’t even have basic Wired 
Equivalent Privacy (WEP) en- 
cryption turned on. 

But CVS spokesman Todd 
Andrews said the company 
doesn’t transmit customer data 


stores 


UNWIRED WORLD 


For full coverage of wireless 
issues, visit our Mobile; 
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over wireless devices. 

“We use wireless technology 
strictly for internal item man- 
agement,” Andrews said via 
e-mail. “If we were to ever 
move in the direction of trans- 
mitting [customer] informa- 
tion via in-store wireless LANs, 
we would encrypt the data.” 

Clegg said he also detected 
an unencrypted wireless LAN 
at a store owned by Phoenix- 
based Petsmart Inc. 

He noted that it 
was easy to pin- 
point the LANs be- 
cause their access 
points broadcast 
easy-to-decipher 
Service Set Identi- 
fiers: “cvsretail” for CVS and 
“PETsMART” for the pet sup- 
ply retailer 

Home Depot in Atlanta and 
Best Buy Co. in Eden Prairie, 
Minn., were cited earlier last 
month by white-hat hackers as 
users of wireless LANs that 
could be accessed by network- 
sniffing tools. Best Buy said 
it deactivated some wireless 


Sun Expands Custom 
of Hardware 


Configuration 


Broadens program 
to integrate systems 
per customer specs 


BY JAIKUMAR VIJAYAN 

Sun Microsystems Inc. is ex- 
panding a program through 
which companies can order 
customized hardware configu- 
rations from the vendor. 

The company last week an- 
nounced new Customer 
Ready Systems (CRS) pro- 
gram, under which Sun will in- 
tegrate third-party hardware 
and software products accord- 
ing to customer specifications. 

The CRS ranges 
from basic factory integration 
of standard Sun hardware and 
software suites to custom con- 


its 


service 


figurations, system design and 
life cycle management services 
involving Sun’s professional 
group and channel 
partners, said Raj Das, a direc- 
tor at Sun’s integrated prod- 
ucts group. 

Products that Sun will inte- 
grate on the factory floor 
include all Sun software, 
well as customer-provided and 
noncompetitive third-party 
software. 


services 


as 


A Broader Reach 

The program 
widens an _ initiative 
which Sun has been delivering 
custom bundles of hardware 
and software products for se- 
lect customers for the past 18 
months. 

Other vendors, such as IBM 


formally 


| 


under | 


cash registers after the reports 
surfaced [QuickLink: 29496]. 

But like CVS, Petsmart and 
Home Depot said they’re not 
worried about the security lev- 
els on their wireless LANs. 

Esther Caceres, 
woman at Petsmart, said the 
company decided two years 
ago not to install wireless cash 
registers because of concerns 
about the security of customer 
data. The wireless LANs used 
in Petsmart’s 560 stores don’t 
carry customer information 
and are isolated from back-end 
systems, she said. 


Low-Risk Uses 


Home Depot spokesman Don 
Harrison said the retailer uses 
wireless LANs to manage in- 
ventory and print price tickets. 
That information “is not pro- 
prietary,” he noted. 

Craig Mathias, an analyst at 
Farpoint Group in Ashland, 
Mass., said the approaches 
used by retailers like CVS 
make sense for a low-risk bar- 
code-scanning application. “All 


a spokes- 


Under the CRS program, Sun will 
do the following: 

Build integrated systems: 
Shipped as ready to deploy and 
fully tested. 

‘Build to order: Systems are built 
to customer specifications. 


Provide flexible configura- 
tions; Systems are shipped fully 
integrated into racks or are made 
rack-ready. 
with its Unix and iSeries 
servers and Dell Computer 
Corp. with its PCs, offer similar 
custom configurable systems. 
The University of Hawaii in 
Honolulu took advantage of 
Sun’s program recently when it 
ordered more than 200 servers 
for its student information sys- | 
tem. The university received 
four pailets of fully configured | 
rack-mounted systems that | 


Wireless LA 
Se 


Identifiers, especially those tied to 
the name of your company. 


= Always turn on the WEP secu- 
rity built into wireless LANs, even 
though it has limitations. 


= Implement layers of security 
that are commensurate to the val- 
ue of your data. 


= Put firewalls between wire- 
fess LANs and wired networks or 


back-end systems that contain 
sensitive data. 


the information a hacker is go- 
ing to get is how many bottles 
of shampoo that store has in its 
inventory,” Mathias said. 
Companies need to weigh 
the cost of building a truly bul- 
letproof wireless network, said 
Chris Kozup, an analyst at 
Meta Group Inc. in Stamford, 
Conn. Kozup said such an ef- 
fort could equal the cost of de- 
ploying the LAN hardware — 
not a sensible proposition for 
nonsensitive data, he added. D 


Hodges, the school’s manager 
of systems services. 

The preintegration eliminat- 
ed the need to configure each 
system, install it in racks and 
test it — a task that would have 
taken two full-time IT staffers 
and several part-timers more 
than two weeks to complete, 
Hodges said. “With this order, 
everything landed on a Friday 
evening, and we were power- 
ing them up on Monday morn- 
ing,” he said. 

Tony Adams, an analyst at 
San Jose-based Dataquest Inc., 
said factory integration and 
testing reduce many of the 
common problems and instal- 
lation errors that can creep in 
while new systems are being 
deployed. 

“The biggest benefit for 
users is the simplification of 
the whole [integration] proc- 
ess,” Adams said. “Sun’s taking 
on more of a risk by commit- 
ting to integrate the software 


were pretested and ready to be | for customers, but they’re re- 
powered on, said Michael | turning higher value.” D 





>. Firms 


About 200 companies have signed up; 
European privacy enforcement lacking 


BY PATRICK THIBODEAU 
EX] MONTH 


marks the 
anniversary 


two 
yeal 
of the landmark 
U.S. and 
harbor’ 


Euro 
pean “safe privacy 
agreement, which was de 
smooth data ex 


Atlantic. But 


signed to 
change across the 
thus far, the deal has been large 
ly ignored by U.S. companies 
and unenforced by European 
data-protection authorities 
Approximately 200 U.S. com 
mainly hig 


panies h-tech ven 


dors, have signed up for safe 
harbor. Most of the businesses 
are small or midsize, but there 
are notable ¢ xceptions, Inc lud 
ing Microsoft Corp., Hewlett 
r& Gamble 


Packard Co., Procte 


Co., Eastman Kodak Co. and 
Intel Cor 

European Union officials last 
week said that they’re 


pointed that more companies 


disap 


haven't signed up but they’re 
up on the safe-har 
Neither is the 


idministra 


not viving 
bor agreement 
Bush 
tion 
officials and ex- 7 

Europe As Kr 


ty A 


perts in 
and the U.S 
Companies that 
sign up for safe 
harbor agree to follow certain 
data privacy practices, such as 
getting 


data and 


users’ consent to share 
their allowing cus 
tomers to access their personal 
information, as well as data use 


restrictions 


EU: U.S. Financial Law Not Enough 


WASHING »N 
Efforts by financial services firms 
to get European authorities to rec 
ognize U.S. financial data privacy 
rules as being on par with Eu- 
rope’s privacy protections have 
come up short, leaving the firms 
in limbo on compliance 

Frits Bolkenstein, the European 
Union's internal markets commis- 
sioner, was in Washington last 
week to meet with U.S. officials 
on data privacy and other issues 

According to Bolkenstein, the 
Gramm-Leach-Bliley Act doesn’t 
pass the “adequacy” requirement 
under Europe's data privacy rules 
That means that financial services 
firms face the prospect of having 
to comply with Europe's stringent 
privacy rules, which require cus- 
tomer consent on many transac 
tions. U.S. firms typically instate 
an “opt-out” provision 

David Leifer, senior counsel at 
the American Council of Life In- 
surers in Washington, said the 
trade group opposes any new pri- 
vacy requirements. Citing existing 
U.S. law, Leifer said the group 
feels “that we are more than ade- 
quately regulated for privacy.” 


The personal data of European 
residents can be exported only to 
countries that offer data privacy 
protections similar enough to Eu- 
rope’s privacy rules to be deemed 
adequate 

The U.S. government wants the 
European Union to recognize the 
Gramm-Leach-Bliley Act and other 
financial privacy laws as adequate 
protections. But Bolkenstein said 
at a meeting of the European- 
American Business Council in 
Washington that he “regrets” that 
financial services weren't included 
in the safe harbor agreement. 

Companies that sign up for safe 
harbor agree to provide European 
residents with a stringent set of 
privacy protections, such as seek- 
ing their consent before sharing 
personal information and agreeing 
to set limits on the use of the data 

Bolkenstein cited a number of 
weaknesses in the Gramm-Leach 
Bliley Act, among them that it per- 
mits customer data to be shared 
with affiliates. A U.S. Depart: rent of 
the Treasury official didn’t respond 
to Bolkenstein’s comments but said 
discussions were continuing 

- Patrick Thibodeau 


re PME, RSE 
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There's no ¢ juesvion that Eu 


rope’s privacy rules are here to 


stay. But European authorities, 
haven't 


with few exceptions, 


been aggressively 


their 


enforcing 


rules, even against busi 


1esses in their own countries. 


Privacy observers in Ger 


many and England said data 


protection authorities don't 
have the staff to enforce priva 
land is 


cy laws. Eng levying 


small fines against violators, 


but German priva 
rules are so 
complex that it’s 
‘ impossible for lo 
companies to 
fully comply, said 
Florian Baum, an 

attorney at Brobeck Hale and 
Dorr in Munich. “Nobody, real 
ly, is very eager to follow those 
rules,” he said 
In the U.S., 


violates its st 


that 
ated privacy poli 
Trade 


Commission enforcement ac 


a company 
cy is subject to Federal 


tion. Some ested 
that U.S 


ing sate 


experts s 
avoid 


they 


. businesses are 
harbor because 


fear that saying they comply 


with its stringent terms is akin 
to painting a bull’s-eye on 


their companies and inviting 
inspection. 

Scott Salley, chief 
executive at McKesson Corp., 
said that fear is what's holding 


U.S. companies back. Nonethe 


privacy 


less, his San Francisco-based 
health care products firm has 


signed up for safe harbor 


Self-Certification Difficult 


Companies that 
harbor self-certify that they’re 


adopt safe 
in compliance, but that’s not 
necessarily an easy process. 
McKesson created a multi 
departmental task force to re 
view its data practices, which 
led to new rules on data access 


and a procedure for annual au 


diting. It was an opportunity 
to centralize corporate privacy 
practices, said Salley 

Phere are alternatives to safe 
harbor. Companies can use in 
dividual contracts stipulating 
privacy protections. But Salley 
said safe harbor’s blanket cov- 


erage Is more attractive 


Skipping ‘Safe Harbor’ 


‘We need 


place,” 


something in 
he said. * 


‘If peop le blow 


off safe harbor, what are you 
going to do then?’ 

bout the 
the Bush 


supports the 


Despite questions a 
future of safe harbor, 
administration 
agreement, which was adopted 
during the Clinton presidency. 
harbor 


“The safe- program 


is one of the easiest, most effi- 
cient ways for U.S. companies 
to comply with the European 
directive on data protection,’ 
Michele O'Neil, 
secretary for IT at 


said deputy 
assistant 
the U.S. Department of Com 


merce. D 
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U.S. Compliance 
Lags on Privacy 


A European Union report 
released earlier this year 
was critical of some safe- 
harbor compliance efforts. 
PRIVACY POLICIES: Insome 
cases, privacy policies couldn't be 
accessed on company Web sites. 


PICK AND CHOOSE: Only half 
the firms that have signed up meet 
every privacy requirement. Some 
companies drop a provision about 
auser's right to access his own data. 


OPT IN: Some firms have opt-in 
tules on sensitive data but don't 
spell out what data qualifies. 


SAP Looks to Regain User 
Confidence at Conference 


New CRM, supply 
chain software due 


BY MARC L. SONGINI 
SAP AG has no shortage of 
challenges to contend with as 
it comes face to face with users 
of its applications this week 
Following a tough first quar 
er and the announcement two 
weeks ago of management 


changes at its U.S. subsidiary, 
SAP will try to pick up some 
momentum with customers at 
its Sapphire ‘02 user confer 
ence in Orlando. The company 
said it plans to announce en- 
hancements to some of the 
key applications in its Web 
mySAP.com suite. 


rhe rollout 


enabled 
s will include up 
SAP’s customer rela 
(CRM) 
and supply chain management 


grades of 
tionship management 
software, according to a spokes 
SAP America Inc. in 


Newtown 


man at 
Square, Pa. The 
spokesman, who said the com- 
pany will also announce some 
new customer contracts at Sap- 
phire, declined to disclose de- 
tails about the functionality be 
ing added to the products. 


In addition, he said that new 


worldwide sales chief Leo 
Apotheker is expected to out 
line his plans and goals for the 
U.S. market at Sapphire. Apo 
theker last 


responsibility for global field 


month was given 


operations and named 
SAP America. 


acting 
Wolf- 
who had been 


head of 

gang Kemna, 

CEO of the U.S. unit, was shift 
j 


ed to a new job as executive 
vice president of global initia- 
tives within SAP. 

Those 
year-to-year decline of 28% 


revenue at 


changes followed a 


in software license 


It would be 
great to see 
some more 
stability in 
[SAP’s] manage- 
ment team here 
in the U.S. 


DAVE BENT, CIO, ACTERNA CORP 
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Retailers Defend Low-Level Security on Wireless LANs 


Companies say they’re not concerned 
because sensitive data remains secure 


BY BOB BREWIN 
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Sun Expands Custom 
Configuration of Hardware 


Broadens program 
to integrate systems 
per customer specs 


BY JAIKUMAR VIJAYAN 
S Micros I 


Low-Risk Uses 
Home Depot spokesn 
Harrison said the 
ireless LANs t 


Customer-Ready 


Under the CRS program, Sun will 
do the following: 


Build integrated systems: 
Shipped as ready to deploy and 
fully tested. 
Build to order: Systems are built 
to customer specifications 


Provide flexible configura- 
tions: Systems are shipped fully 
integrated into racks or are made 
rack-ready 


Wireless LAN 
Security Tips 


* Don’t broadcast Service Set 
Identifiers, especially those tied to 
the name of your company 


: Always turn on the WEP secu- 
rity built into wireless LANs, even 
though it has limitations 
= Implement layers of security 
that are commensurate to the val- 
ue of your data 

Put firewalls between wire- 
less LANs and wired networks or 
back-end systems that contain 
sensitive data. 
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Portal Server 
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The fast road to 
providing prepackaged 
and custom-developed 
services. 
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On the road to Web services, 


your portal is 
either giving your 
customers what 
they want, 

or you’re gone. 
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Sun ONE 


Open Net Environment 


Reports from the road: American Hospital Association. 
The American Hospital Association is implementing 
the Sun ONE Portal Server as a common platform for 
its 38 interactive Web sites that provide information 
and resources to the nation’s hospitals and the entire 


healthcare field. 


Sun’s associates for the ride. 

Sun teams with some of the best systems integrators in 
the business providing the knowledge and experience 
you need to deliver personalized services with the 
Sun ONE Portal Server today: Cap Gemini Ernst & Young, 
EDS, KPMG Consulting, Inc., PricewaterhouseCoopers 


and Science Applications International Corporation. 


Get 20% off the 
Sun ONE Portal Server now. 
sun.com/portalofier 
Offer expires August 20, 2002. 


and partners need with Sun” ONE Portal Server. x 


OR eae lee 


Deliver the personalized services and content that your customers, employees mS ; S 
RTT 


By delivering Web services through a ___ services through one personalized point 
portal, you can make sure your cus- __ of entry, no matter what device they’re 
tomers, employees and partners areas on. And because Sun ONE Portal Server 
productive as possible. Sun“ONE Portal __is highly scalable, you can continue to 
Server is designed to let users securely | seamlessly evolve your services as your 


access business-critical information and —_ business grows. 
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Exchange 2000 Hole 


Microsoft Corp. released a software 
patch to plug a “critical” security 
hole in its Exchange 2000 e-mail 
server software. The company said 
attackers could take advantage of 
the vulnerability to craft messages 
that would use all of the processing 
resources on unprotected Exchange 
servers, effectively shutting them 
down. Microsoft gave the flaw its 
highest severity rating. 


Macromedia Fixes 
Flaw in Java Server 


San Francisco-based Macromedia 
Inc. issued a patch for a buffer- 
overflow vulnerability that could be 
used to take complete control of 
systems that run Version 3.1 of its 
Java-based JRun server software. 
The hole affects installations that 
combine JRun 3.1 with Microsoft's 
Internet Information Services Web 
server software on Windows NT 
and Windows 2000 systems. 


Orbitz Extends Deal 
Chicago-based online travel site 
Orbitz LLC agreed to extend to 
2007 a technology licensing deal 
with Cambridge, Mass.-based ITA 
Software inc., which develops air- 
fare shopping and pricing software. 
The two companies said the agree- 
ment also lets Orbitz market ITA’s 


software to corporate travel agents 
and other travel industry businesses. 


Short Takes 


CISCO SYSTEMS INC. added sup- 
port for voice and video traffic to 
its virtual private network (VPN) 
routers and integrated VPN func- 
tionality into its Cisco 7400 de- 
vices. . .. HEWLETT-PACKARD CO. 
expanded its AlphaServer product 
line by introducing a rack-mounted 
system and companion supercom- 
puter for use in high-end technical 
computing applications. 


| down 





NEWS 


BSA Nails Corporate 
Software Pirates 


Trade group’s Web crawler uncovers 
illegal file sharing among employees 


BY PATRICK THIBODEAU 


HE BUSINESS Soft- 


ware Alliance (BSA) | 


is using a new tool 
to track illegally 
distributed com- 


mercial software, and its detec- | 


tive work has in some cases led 
to big business. 

Corporate workers using 
peer-to-peer file-sharing soft- 


ware to trade copyrighted files | 
| are turning up in the BSA’s 
| searches. In some instances, the 


digital detective work has led 
to the dismissal of those em- 
ployees. The trade group’s dis- 
covery of file sharing under the 
noses of IT managers also illus- 


trates glaring computer secu- | 
| rity weaknesses at some firms. 


“Any peer-to-peer system 


that can penetrate a firewall is | 


an open doorway to any sys- 
tem that is connected to a cor- 
porate network,” said Michel 


Kabay, a professor of informa- | 


tion assurance at Norwich 
University in Northfield, Vt. 


Smart Agents 

The BSA last week said it’s 
using a system from New York- 
based MediaForce Inc. that 


deploys intelligent agents to | 


crawl, or search, the Internet 
for illegal distributors. The sys- 
tem displays the software and 
the distributor’s IP address. 


The BSA looks up the owner of | 


the address in the Whois data- 
base of the Chantilly, Va.-based 


| American Registry for Internet 


Numbers and sends a “take- 
notice” informing the 
owner of the illegal activity. 
Many large and midsize cor- 
porations own blocks of IP 
addresses and are contacted by 


| the BSA directly. In other cases, 


the Internet service provider 
(ISP) is contacted, which in 
turn identifies the distributor 
and terminates the service. 


| 
| 
| 
| 








The automated search agent 
has made a big difference in 
the BSA’s ability to root out 
software piracy. Last year, the 


trade group distributed 5,200 | 


notices to ISPs. Within the first 
three months of using the Web 
crawler, more than 8,500 no- 


| tices were sent out. 


The BSA released the prelim- 
inary results of its efforts last 
week but was unable to provide 
a breakdown of how 


compared to universities and 


many | 
notices went to corporations | 





other sources of peer-to-peer | 


file swapping, or how many 
workers were dismissed. How- 
ever, at least two companies 


sent letters to the BSA confirm- | 
| ing employee terminations. 


There are steps IT managers 
can take to stop employees 
from such activities. Windows 
2000 and Windows NT have 
controls that allow systems 
administrators to prevent pro- 
gram installation. With earlier 
Windows versions, better user 
policies and training may help, 


| said Diana Neuman, a security 


expert at En Garde Systems 
Inc. in Albuquerque, N.M. 
Peer-to-peer systems change 
the way they operate in an 
effort to fool firewalis, but 
corporations that have good 
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firewalls and intrusion logs 
should be able to identify 
anomalies, said Neuman. 

The BSA said business soft- 
ware makers, including al- 
liance members such as Micro- 
soft Corp. and San Jose-based 
Adobe Systems Inc., are losing 
$12 billion per year to piracy 
worldwide. It said most of the 
piracy isn’t due to illegal file 
sharing over the Internet, but 
rather businesses that have ille- 
gally deployed software in ex- 
cess of license agreements. D 


Download Concerns 


PROBLEM: A survey released 
last week of 1,026 adults 
found that more than half of 
those who have downloaded 
commercial software seldom 
or never pay for it. 


SOLUTION: The BSA says 
education is the best too! for 


helping people understand 
that not all software is free. 





Licensing Deals Pose Pitfalls 


Users: Software firms 
use tough tactics to 
make up lost revenue 


| BY KATHLEEN MELYMUKA 


SAN FRANCISCO 


| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 


Frazza, who is a consultant to | 


ICN, said the best way for IT 
managers to protect their firms 
is to insist on using their own li- 
censing agreements. But that’s 
not always easy to do. “Vendors 
are getting more creative and 


| pushier about getting compa- 


Revenue-hungry software ven- | 


dors are trying to pump up 
their sales with licensing tac- 
tics that could be costly to un- 


attorney who spoke at a confer- 


nies to use their paper,” Frazza 
said, referring to the boilerplate 
licenses they typically use. 


Draw up your own agree- 


| ment and enlist the support 
wary users, according to an | 


ence here last week and some | 


users who were in attendance. 


Attorney Peter Frazza said 
this is a treacherous time to be | 
signing software contracts, be- | 


cause vendors are looking to 


pushing terms and conditions 


| that are unfavorable to users. 


These include provisions for 
frequent and invasive audits 
and vague performance guar- 
antees, Frazza said at the tech- 


| make up for weak sales by | 


of your CEO and legal depart- 
ment early in negotiations to 


show that you're serious, Frazza | 
| advised. He added 


that almost every 
major software ven- 
dor will negotiate, if 
pressed. 

Frazza said ven- 
dors are also trying 


to increase the number and in- 


nology procurement confer- | 


ence sponsored by Winter Park, 
Fla.-based International Com- 
puter Negotiations Inc. (ICN). 


vasiveness of software audits 
in hopes of uncovering breach- 
es of contract that will require 
additional payments by users. 
A yearly, notarized certifica- 
tion by a CIO of the number of 
employees using a software 
product should be sufficient to 


| satisfy a vendor’s audit re- 


| 
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| 


quirements, he said. 

Users should never let ven- 
dors connect with their sys- 
tems or allow “friendly audits” 
that aren’t required by a con- 
tract, Frazza advised. “That’s 
the most common phrase of 
2002, and it makes no sense,” 
he said. “Audits are not friend- 
ly. If the contract doesn’t give 


| them the right, never let them 


set foot in your company.” 
Frazza’s message resonated 


| with the audience of IT pro- 


curement managers. More 
than a dozen attendees said 
they’re seeing an increasing 
number of such vendor gam- 
bits this year. But none wanted 
to be identified. 

“'m_ seeing it 
and I’m hearing it 
from peers,” said 
an IT procure- 
ment officer who 

- works at a large 
insurance company in the 
Northeast. 

“We're doing a lot of those 
‘no-nos,” such as allowing 
vendors access to systems, said 
an attendee from a Midwest 
manufacturer. “But it comes 
down from the CIO, so there’s 
not much we can do about it.” D 
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You know just as good isn't good enough. Today's leading companies have to be greater than 
by a wide margin. At Sprint, we've got the network, the people and the services that can help y¢ 


inequalled and sustainable competitive advantage 


An intelligent network 

Advantage one: our network. It was It from the ground up as a unified whole. (No technological patchwork 
here.) That means we deliver unsurpassed reliability and interoperability, so you can leverage existing 
nvestments in systems and applications and migrate to our latest and greatest technology — like 3G mobile 
solutions for greater productivity — when you're ready. In fact, we're the only provider that owns 


both its own nationwide wireless and wireline access to your critical data apps 


A network of intelligence 

Advantage two: our people and services. We have over 2,200 technical and support professionals 

1,500 trained engineers. Plus, we're an industry leader in on-staff Cisco Certified Technicians and Certified 
Security Specialists. So what are all these people doing? Answering your questions. Building your customized 


applications. And working to help ensure your systems are safe and secure 


Greater competitive advantage — another sign of an intelligent network and the people who make it 


work (for you) 


For more ideas on building competitive advantage, access our library of 
white papers at sprint.com/whitepapers/11 or call 1-877-519-1709. 








HP Retooling Channel 


Sales/Partner Strategy 


Users await news on how HP/Compaq 
merger will affect products and support 


BY JAIKUMAR VIJAYAN 
EWLETT-PACKARD 
Co. may have been 
quick out of the 
gate with details 
about its postmerger product 
and services road map, but the 
firm is still fleshing out details 
of its channel sales strategy. 

The issue is important for 
users because it affects the 
way in which HP products will 
be sold and supported in the 
future, analysts said. 

Companies such as HP, IBM 
and Sun Microsystems Inc. are 
all trying to expand their direct 
sales efforts on the hardware 
front, said Laurie McCabe, an 
analyst at Summit Strategies 
Inc. in Boston. 

At the same time, they need 
to maintain channel relation- 
ships at the high end to help 
deliver complex technologies, 
she said. 

“What vendors such as HP 
are trying to do is elevate them- 
selves as much as possible into 
a primary contact position with 
customers, as opposed to be- 


ing called into play in a hard- | 


ware supplier role [by third 
parties],” McCabe said. 


Program Strategy Unclear 

As a result, one of the biggest 
questions raised by the merger 
relates to the future of HP’s 


Hard Deck program, under | 


which the company sells di- 


rectly to a designated set of 


customers. HP’s sales organiza- 
tion takes the lead on such 
accounts and brings in resellers 
needed. Channel 
partners are also awaiting word 
on a named-account 
program Compaq Computer 
Corp. had in place before the 
merger with HP. 

HP has said it intends to 
keep the Hard Deck principle 


only when 


similar 


in place to let channel partners | 


know exactly where it will sell 





directly. But partners want to 
know whether HP plans to ex- 
pand the number of customers 
it will go after directly and, if 
so, who the customers will be. 
“It’s OK if they expand the 
Hard Deck,” said John Sheaffer, 
CEO of Sysix Technologies 
LLC, an HP reseller in West- 
mont, Ill. “{[But] HP needs to 


tell us who’s going to be in the | 


Finance Industry Vulnerable 
To Terrorism, Experts Say 


Firms still working 
on recovery plans as 
attack threats loom 


BY LUCAS MEARIAN 
Amid recent warnings from 
Washington that more terror- 
ist attacks are inevitable, some 
experts say the financial ser- 
vices industry is ill-prepared 
to handle a second disaster 
because it’s still mired in 
disaster recovery following 
the Sept. ll attacks. 

Peter Vinella, CEO of Mia- 
mi-based Neoris FS, an IT and 
management consulting firm, 
said many of his clients whose 
data centers were destroyed 
in the attacks on the World 
Trade Center are still working 
their disaster 


from recovery 


sites, leaving them with no 
operational or data backup ca- 
pabilities. 

But Damon Kovelsky, an an- 
alyst at Meridien Research Inc 


in Newton, Mass., said he be 


lieves there are fewer data cen- | 
ters in Manhattan today than |¢ 


before Sept. ll. Most compa- 
nies have since made concert- 
ed efforts to geographically 








Hard Deck and what their en- 
gagement strategies are going 
to be [outside] the Hard Deck.” 

It is also important for HP 
to properly implement and exe- 
cute its new strategy of having 
separate channel organizations 
for its enterprise systems and 
for volume products such as 


PCs, notebooks and handhelds, | 


Sheaffer said. A similar initia- 
tive by HP a few years ago re- 
sulted in resellers having to 


do extra work to “gain traction | 
with each organization,” he said. | 


HP also needs to quickly 


| disperse their facilities 


“If someone flies another 
747 into downtown Manhat- 
tan, in certain aspects, there 


would be less of an impact,” | 


Kovelsky said. 


Financial services firms are 


less vulnerable to an attack 
because many brokerages and 
banks have relocated their IT 
operations to New Jersey, 
Kovelsky said, adding that 


| spell out who the key field- 
| level managers and account 
representatives of the respec- 
tive channel organizations will 
| be, said Geoffrey Lilien, CEO 
of Mill Valley, Calif.-based HP 
reseller Lilien Systems. 

“We have a lot of accounts 
where we work with HP, and it 


are going to be working with,” 
he said. 

The two channel organiza- 
tions were designed so that HP 
can support partners in a way 


business they do with HP, a 
company spokeswoman said. 
Resellers will have to deal 
with only one channel organi- 
zation instead of both, she said. 
In addition, HP won’t change 





| “no one is going to attack Jer- 
sey City.” 

Paul Honey, first vice presi- 
dent of global 


handle no than a 
weeks of use. Merrill Lynch, 
whose headquarters are across 


more 


Center, lost its primary site for 
about six weeks. It had set up 


week contingency plan, he said. 

Merrill Lynch moved about 
90% of its IT staff, roughly 
| 8,300 employees, to alterna- 
| tive sites, where some work- 





Protecting the Financial Marketplace 
Here are some potential regulatory requirements that could 


buttress the industry’s ability to react to disasters: 


BETTER long-term disaster recovery plans and capabilities, both 
within individual firms and across markets. 


GREATER security around the internal operations and disaster recovery 


capabilities of each firm 


RE-ENGINEERED intra- and interfirm processes, with less reliance 


on manual processes and paper. 


BETTER real-time monitoring of trading activity, to discover market 


manipulation. 


CENTRALIZED real-time recording of over-the-counter transactions. 


DEPLOYMENT of dedicated and highly secure interbank communications 
networks, with a dedicated wireless backup 


SECURE industry network and applications protocols that enforce 
security on the access and transaction levels. 


REAL-TIME trade confirmation and settlement. 


is important to know who we | 
| channel programs for 90 days. 


that best aligns with the mix of 





any channel programs for re- | 


contingency | 
planning at Merrill Lynch & | 

Co., said many firms had set up | 
| their disaster recovery sites to 
few | 


the street from the World Trade | 


secondary sites under a six- | 
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Going Through 
The Channels 


The effect of the HP/Compaq 
merger on the channel isn’t yet 
clear, but HP offers some insight: 


8 There will be no change to any current 


#8 HP will have two channel organizations: 
one overseeing enterprise sales, and the 
other in charge of volume technologies 
such as PCs and handhelds. 


# Channel partners will have new certifica- 
tion and knowledge requirements, espe- 
cially those selling enterprise products. 


sellers of both HP and Compaq 
for a period of 90 days, starting 
with the May 7 launch of the 
merged company, she added. D 


ers stayed for as long as three 
months. However, the bulk of 
its IT staff returned to head- 
quarters within six weeks. 

Cantor Fitzgerald LP, which 
lost 733 employees and its pri- 
mary data center on Sept. ll, in- 
sisted that it was prepared for a 
disaster then and is even better 
prepared now because its data 
centers are more dispersed. 

“The reality is that in order 
to have [a disaster recovery 
plan] work in a catastrophic 
scenario, you have to have used 
it before,” said Matt Claus, 
chief technology officer at 
eSpeed Inc., a business-to-busi- 
ness online marketplace and 
the IT services arm of New 
York-based Cantor Fitzgerald. 

Since Sept. ll, Merrill Lynch 
has performed a gap analysis 
of what it needs to respond to 
another disaster. 

“We're building resiliency 
into our day-to-day operations, 
looking at our real-estate foot- 
prints, business models and 
technical standards. These are 
tvpically things that 


ont get 


soivea overnight lake a 
while to implement,” Honey 
said. “But every day we get fur 
ther away from Sept. ll, we get 
a little more resilient.” D 


ana 


FINANCIAL SPECULATION 


Analysts consider the impact of a strike 
against the U.S. financial industry 
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f 
from Sprint. Visit sprint.com/whitepapers/11 or call 1-877-519-1709 








Palm Warns of Loss 


Santa Clara, Calif.-based Palm Inc. 
warned that it will report lower- 
than-expected revenue for its fourth 
quarter, which ended Friday. The 
maker of handheid devices said it 
did about $230 million worth of 
business in the quarter, down from 
a forecast that it would have up to 
$300 million in revenue. Palm also 
said it will report a loss for the 
quarter instead of breaking even 
as it had hoped to do. 


Payment Processor to 
Use IBM Systems 


Columbus, Ind.-based Total System 
Services Inc. (TSYS), which pro- 
cesses credit card transactions and 
other electronic payments, signed a 
five-year systems and support con- 
tract with IBM valued at $194 mil- 
lion. TSYS will install IBM's zSeries 
mainframes and its disk and tape 
storage devices. IBM said the new 
systems will make TSYS one of its 
25 top U.S. customers in terms of 
processing capacity. 


Dataquest: Qt Server 


Sales Down by 15% 


Worldwide server revenue fell 15% 
year to year during the first quarter 
to about $10.5 billion, according to 
Dataquest Inc., a unit of Stamford, 
Conn.-based Gartner Inc. San Jose- 
based Dataquest had said in April 
that shipments of servers in the 
quarter were fiat with last year’s 


level. The drop-off in revenue points | 


to a decline in the price of servers, 
according to the consulting firm. 


Short Takes 


The INTERNET CORPORATION FOR 
ASSIGNED NAMES AND NUMBERS 
in Marina Del Rey, Calif., said CEO 
Stuart Lynn plans to leave when his 
contract expires in March. . . . Mil- 
pitas, Calif.-based QUANTUM 
CORP. will pay $5 million to Oak- 
dale, Minn.-based IMATION CORP. 
to settle an antitrust suit related to 
tape drives that was filed last fall. 








Continued from page 1 


‘Skills Shortage 


| IT skills shortage is a myth 


perpetuated by big business 


and lobbyists trying to pre- | 
| serve the current employers’ | 
| market. 
“[The study] doesn’t seem to | 


jibe with the facts, so you ques- 


| tion if there’s a hidden agenda 
| or just a lack of judgment,” said | 


Ray Hooker, a networking con- 
sulting engineer at Cisco Sys- 
tems Inc. 

However, ITAA spokesman 
Bob Cohen said the report is a 


| forecast rather than an indica- 
| tor of current conditions. A | 
telephone-based survey of 532 | 
managers across a variety of | 
| industries found that compa- | 


nies are struggling to find 


| workers with technical exper- 
tise, domain knowledge and | 
| project experience, he said. 
“People’s frustration is un- | 
| derstandable, 


because times 


| have changed and it’s more dif- 


ficult to drive your career than 


| it was in 1999 and 2000,” said 
| Cohen. “But you can’t overlook | 
| what the requirements are or | 
| because the job listings typi- | 


what the hiring companies 


| views are.” 


One factor fueling the up- 
roar over the study is that the 


| Arlington, Va.-based ITAA is 


one of the nation’s biggest sup- 


| porters of the H-1B temporary 


~ NEWS © 


foreign visa program. 
Some critics charged that 
the skills shortage study was 


| Congress to raise the H-1B cap 
and flood the IT job market 
with lower-paid foreigners in 
order to drive down salaries. 
Hooker said he’s not op- 
added that many foreign work- 
more up to date on IT skills 


But, he said, American workers 


who are equally or more quali- 
fied are being shut out by an 
oversaturated job market. 





undercutting of existing [U.S.] 


workers,” said Hooker. “I re- | 


spect [foreign workers’] skills, 
but a 25-year-old with two 


year-old with two years’ expe- 
rience.” 
Tom Scott, president of the 


ly geared toward hiding the job 
shortage. Scott and others say 
they can tell the ads are phony 


cally ask for an impossible 
fications. “They want every 


acronym under the sun for $30 
| [an hour],” Scott said. 





' Another issue is an age-old | 


Converging Forces Drive Job Shortage 


While IT professionals dispute the 
idea of a skills shortage, they say 
the job shortage itself is very real. 

“It's no longer the land of milk 
and honey,” said Warren Mac- 
Queen, a Kansas City-area IT 
veteran who has been teaching 
programming courses at Johnson 
County Community College in 
Overland Park, Kan., and doing IT 
contract work since he was laid 
off from Sprint Corp. last fall. 

Due to lean corporate budgets, 
many companies are filling only 
mission-critical positions. As 
such, they're consolidating opera- 
tions and cutting jobs, overwork- 
ing existing employees and hiring 
temporary contractors to meet 
their needs, said MacQueen. 


Le essere 


MacQueen said he has seen 
many of his students drop cours- 
es because they can’t balance 
schoolwork with the 60-to-80- 
hour workweeks that have be- 
come the norm. 

“It's almost like demanded 
overtime,” said MacQueen. “The 
job market's too tight to play 
games with a job at this point.” 

Age discrimination is another 
factor at play, said MacQueen. At 
Sprint, he was mentoring workers 
with three to six years’ experi- 
ence, but MacQueen, 55, who 
was earning a higher salary, was 
the one let go. “The magic age” 
for IT workers in the industry is 25 
to 40 years old, he said. 

Tom Scott, president of the 





| just an attempt to persuade | 


| posed to the H-1B program and | 


with significant job experience | 
| some backing. Hiring man- | 
| agers 
| job-shortage/skills-shortage | 


“We wouldn't want to allow | debate, with some supporting | 


years’ experience is still a 25- | 
| company — because they’re | 
| being 
| deemed critical, said company 
San Diego Oracle Users Group, | 
is one of many skeptics of the | 
skills shortage who said he of- | 
ten sees phony job listings like- | 
| other companies, 


| ment 


combination of skills and certi- | 
| based Lockheed 

700 IT jobs, and it expects to | 
| fill about half that number this | 
year, said Peterman. Since the | 





| problem: human resources 
| professionals who lack IT 


skills but are responsible for 
filling highly technical posts. 
But that argument is always 


| used when the market is down, 


countered the ITAA’s Cohen. 


“In good times, [recruiters 
| are] brilliant, and in bad times, 
they don’t know what they’re | 
| doing,” he said. 
ers are better educated and |_| E 
| Different Perspectives 


than their U.S. counterparts. | 


Indeed, the ITAA’s conten- 


tion that companies are having | 


trouble filling jobs does have 


are split on 


the findings that were detailed 
in the ITAA’s report. 


At Delaware Investments in | 


Philadelphia, IT jobs are 


scarce — as are jobs across the | 


filled only if they’re 
spokesman Tom Gariepy. 
IT job openings at Lockheed 


though not as drastically as at 
said Don Pe- 
director of employ- 
for the company’s 
Delaware Valley Regional Re- 
cruiting Center. 

Last year, Bethesda, 
filled 


terman, 


about 


San Diego Oracie Users Group, 
said he’s amazed at how many 
highly qualified technology work- 
ers in his organization have expe- 
rienced lengthy, fruitless job 
searches. 

“I'm at a quandary,” said Scott, 
who teaches an Oracle class at 
Mission Bay High School in San 
Diego. “I don’t know what to tell 
the kids. I'd love to say, ‘This is a 
great profession and you should 
go for it.”” 

But the odds are that only five 
out of 30 of them would find 
work, he added. 

At the very least, said Mac- 
Queen, the economy needs to 
stabilize so that companies will 
open their wallets again and stop 
trying to cut corners when it 
comes to labor costs. 

~ Melissa Solomon 





the | 





Md.- | 
| find very specialized people,” 
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Factors Driving 
IT Job Shortage 


= Corporate consolidation 
resulting in job cuts 


= Former dot-com employees 
flooding the corporate IT 
market 

= Slashed IT budgets that fund 
only mission-critical projects 


= Employers cutting experi- 
enced, high-paid workers, 
and replacing them with 
younger, lower-paid workers 


= IT departments pushing 
employees to work longer 
and harder 


® Companies hiring temporary 
contractors and pushing 
work overseas 


middle of last year, every job 
opening at the company has 


| generated a flood of résumés, 
| with more than enough quali- 
| fied candidates, he added. 

Martin Corp. are also down, | 
| candidates to fill open posi- 


Still, finding qualified IT 


tions is a big challenge, said 
Nicole Tucker, a recruiter at 
Philadelphia-based Peco Ener- 
gy Co., a subsidiary of Chica- 
go-based Exelon Corp. 

“It’s really tough for us to 


she said, adding that applicants 
for the eight to 10 high-level IT 
jobs that open each year lack 


either degrees or business 


| knowledge and project man- 
agement expertise. The com- 
+ | pany often decides to hire its 
i | contractors for full-time jobs 


because they have developed 
the right skill sets while at 
Peco, Tucker added. 

Kathy Walters, vice presi- 
dent of IT at Exelon’s energy 
division in Philadelphia, said 
her unit is fully staffed now. 


| But when positions do open up 
}| in the division, Walters said, 


she gets many résumés but few 
from qualified candidates. 

“Finding the right match for 
what you have to spend is 
tough,” Walters said. D 


KNOWLEDGE CENTER 


Careers: Visit our Web site for more 
coverage of IT hiring issues. 
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The next generation of hp ProLiant technologies: 
A better way to make your business move faster. 


Today's |.T. infrastructure eats up a lot of things: People. Money. Time. But 
those vital resources can all be maximized with an infrastructure that adapts 
more quickly to change. And ProLiant server technologies can make that 
adaptive infrastructure a reality. 


The next generation of ultra-dense ProLiant BL Series servers with Intel 
Pentium’ Ill processors makes deployment a simpie matter of unpacking, 
plugging in, and clicking a mouse. So it happens in minutes, instead of tying 
up your key people for days. And with ProLiant Essentials Rapid Deployment 
software, an O/S or application upgrade can now be downloaded to all 
servers companywide by one person. It’s faster, more flexible technology that 
will speed up your whole business. Our people can show you how 


For more information and a White Paper, 
call 1-800-282-6672, press 5 and mention 


code TGU or visit www.hp.com/solutions/ai iy ® 


invent 


pentiume/// 
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Credit Data Theft Shows Security Risks of Partnerships 


BY JAIKUMAR VIJAYAN 
rhe recent theft of 13,000 cus- 
from the sys- 


tomer records 


tems of a major credit report- 


shows the impor- 
tance of ensuring that business 
partners are following strong 
data security ctices, IT mar 


Increasing the speed of your network is at the core 


of what Finisar has been offering its customers for 


over 


CT e Oe a YC) ae) ae- Tae aT) 


and performance testing products ensure-optimum 


performance through constant monitoring, measur 


ing and analyzing to locate problems and fix them 


before they impact your company 


agers and analysts said 

Ford Motor Co.’s financing 
subsidiary disclosed last month | sonal information, includi 
that someone had used an au- cial Security nun 


thorization code belonging to 
Ford to illegally download per- 


Power. Precision. Protocol Analysis. 


We Jisten to our customers, creating products that 
are flexible and scalable to grow and evolve with 
your needs, along with the requirements of LAN to 
SAN. No other company offers products as easy-to 


use and easytoimplement 


Are you ready to run your network. at full speed? 


Finisar 


Wi bCb ear hay 
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credit histories, collected by 
Experian Information Solutions 
Inc., which has its U.S 
quarters in Costa Mes 

Although Dearborn, Mich.- 
based Ford Motor Credit Co. 
said it’s not clear whether the 
unauthorized code use involved 
a hacker breaking into its sys- 
tems, some analysts said the 
case serves as a fresh reminder 
that companies should miti- 
gate their exposure to such 
security breaches both inter- 
nally and at the companies 
with which they do business. 

That means insisting on pe- 
riodic security audits and vul- 
nerability assessments of all 
business partners and _ third 
parties with which a company 
has IT lin aid John P 
tore, an analyst at Gartner Inc. 
in Stamford, Conn. 


Third-Party Caution 

Watson Wyatt Worldwide 
performs security audits on all 
of its outsourcing vendors, said 
David C. Hollingsworth, direc- 
tor of enterprise applications 
at the Washington-based hu- 
man resources and financial 
management firm. 

“We're concerned 
with security whether 
it’s with our own network or 
with services outsourced to a 
third party,” Hollingsworth said. 
“For all our third-party arrange- 
ments, we have very specific 
requirements on physical sep- 


always 


risks, 


aration, trust relationships and 
security procedures.” 
Portland Ore.-based 
dence Health System, which 
operates hospitals in four 
western states, keeps external 
log-ins to its systems disabled 
by default. External users must 
call and have the IT depart- 
ment enable access before they 
can get into the organization’s 
servers, said David Rymal, di- 
rector of technology at Provi- 


Provi- 


| dence Health Syste 


But companies sometimes 
fail to take such steps because 
of the additional cost and ef- 
fort that’s involved, said Pete 
Lindstrom, an analyst at Fram- 
ingham, Mass.-based Hurwitz 
Group Ir That’s a mistake 
that could lead to lawsuits 
charging companies with fail- 
ure to perform due diligence, 
Lindstrom warne 
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HP,SuntoClese 
US. Ofces for Week 


Hewlett-Packard Co. and Sun Mi- 
crosystems Inc. both said they plan 

to close their U.S. offices during the 
first week of July in an effort to save | 
money. HP’s shutdown will affect its | 
own facilities as well as the ones it 
acquired as part of its purchase of 
Compag Computer Corp. But an HP 
spokesman said sales and support 
workers will be available “where re- 
quired” to meet customer needs. 


Nortel Cuts Q2 
Outlook, More Jobs 


Nortel Networks Corp. said its sec- 
ond-quarter revenue could be down 
as much as 5% year to year, a 
change from an earlier forecast that 
business would be flat compared 
with the year-earlier level. Brampton, 
Ontario-based Nortel also increased 
layoff projections for its optical net- 
working components unit from 1,500 
workers to 3,500 and said it may put 
that operation up for sale. 


Peregrine, Auditor 
Part Over Sales Deals 


Peregrine Systems Inc., which is re- 
stating financial results for its past 
three fiscal years, dropped KPMG 
LLP as its auditor less than two 
months after hiring the New York- 
based firm. The move came after 
KPMG notified San Diego-based 
Peregrine that about a third of the 
$100 million in questionable sales 
transactions identified by the audi- 
tors were with KPMG itself or with 
its former IT consulting business. 


Short Takes 


| tual private network offerings | 
are central to the company’s | 





| controller 
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WorldCom Pins Hopes 
On IP Data Services 


| ing, according to Sidgmore and 


key to company’s turnaround efforts 


BY MICHAEL MEEHAN 


FFICIALS at World- 
Com 
week 


Inc. 
said 


vices and IP vir- 


turnaround strategy. But they 
acknowledged that 


vices at the prices users are | 


currently paying. 


nications firm is due to divulge 


| its full plan of action later this 


month. During a_ teleconfer- 


ence last week, 


it’s hard | 


| to make money on those ser- 


WorldCom | 
| CEO John Sidgmore said he 
| wants to sell off more than 
$1 billion in assets by year’s | 
end in order to raise cash and | 
| “make the company less com- 
plex.” Various real estate and | 


international business hold- 


| ings are likely to be liquidated. 
last | 
that | 
Internet data ser- | 


Sidgmore, who replaced 
ousted CEO Bernard Ebbers in 


| other executives. For example, 
from 


WorldCom’s revenue 
data and Internet services de- 


| clined slightly during the first 


late April, also repeatedly tout- | 


| ed WorldCom’s Internet back- 


bone network and cited steady 


growth in the number of cor- | 
porate data-services customers | 
the company has signed up | 


during the past 12 months. 


But Sidgmore didn’t promise | 


| that the turnaround plan will | 
The embattled telecommu- | 


translate into a rapid improve- | 


ment in WorldCom’s financial 


results. “Ultimately, we need to | 


prove we can take this com- 
pany into a growth position 


| again,” he said. “That may not 


happen in the real near term. 


It’s nuclear winter in the tele- | 


com industry right now.” 


Current pricing levels for | 


network services aren't help- 


Intel Ends InfiniBand Chip 
Work, but Impact Unclear 


| New technology 


for server I/O still 


seen as promising | 


| the 


| BY LUCAS MEARIAN 
| Intel Corp. last week disclosed | 


that it’s killing plans to develop 
chips for Infini- 


| Band, an emerging I/O tech- 


Carlsbad, Calif.-based DOT HILL 
SYSTEMS CORP. said it will make 
private-label storage devices for 
SUN MICROSYSTEMS INC., which 
in turn can buy up to 5% of Dot 
Hill's stock. . .. Paris-based ALCA- | 
TEL agreed to buy TELERA CORP., a | 
Campbell, Calif.-based developer of | 


voice self-service technology. 


| nology designed to support 
| high-speed server clustering 
and connections between sys- | 


tems and storage devices. 


But analysts said they’re still | 
| bullish on InfiniBand’s poten- | 


tial with users, even though In- 


| tel was one of the original de- 
| velopers of the specification 


and a founding member of the 


Portland, Ore.-based _Infini- 


| Band Trade Association. 


Because of Intel’s 
and its early involvement in 
development of Infini- 
Band, the company’s decision 
“is an image blow. There’s no 
question about that,” said 
Jamie Gruener, an analyst at 
The Yankee Group in Boston. 

Nonetheless, Gruener 
others said Intel’s pullout was 
strictly a 


stature 


business decision 
based on looming competition 
from other vendors that are 
developing faster InfiniBand 
chips than it had in the works. 
Intel was backing a single- 
wire, or lx, version of Infini- 


quarter on a year-to-year basis, 
to $2.75 billion. 


Period of Adjustment 


Ron Beaumont, WorldCom’s 
chief operating officer, said 
current charges of $100 per 
megabit for data center IP con- 
nections are below cost. He 
added that WorldCom is try- 
ing to convince corporate cus- 
tomers to sign shorter-term 
services contracts in order to 
give the company more flexi- 
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bility to adjust its pricing. 

A spokeswoman said World- 
Com wants to shorten some 
deals to one to two years, down 
from up to five years now. 

Eileen Eastman, an analyst at 
The Yankee Group in Boston, 
said WorldCom is right that 
data and IP services are the 
wave to ride into the future. 
But she noted that users face 
migration issues on many of 
those services. 

“People aren’t going to rip 


| Out frame-relay systems that 


they’ve been running for years 
just because they can replace 
them with an IP product,” 
Eastman said. 

But when WorldCom details 
its turnaround strategy, East- 
man said, users will be able to 
judge whether it has come up 
with a reasonable method of 
leveraging what Sidgmore 
called “the largest Internet 
backbone in the world.” D 


RECOVERY PROCESS 
CME Cer CR UCR OUT RUC es emir Tulle 
John Sidgmore as its new CEO: 


May 21 
Set plans to eliminate 
tracking stocks 
for its WorldCom and 
MCI groups 


| IBM and Santa Clara, Calif.- | 


based Mellanox Technologies 


Inc. have said they plan to 


| come out with chips that sup- 


and | 


port a 4x speed (see box). 


or 4x debate, and IBM 


ahead of it technology-wise.” 
InfiniCon is one of dozens of 


| vendors that plan to deliver 
| InfiniBand-based products 
| within the next year. The com- 
“{Intel] bet wrong on the Ix | 


and | 


Mellanox bet correctly,” said | 


Chuck Foley, CEO of InfiniCon 


Systems Inc. in King of Prussia, | 


Pa. “Even the giants can’t do all 


things, and Intel finds itself | 


vying against two very well- 


| devices 


funded competitors that are far | 


I/O Download 


InfiniBand is a switched serial I/O fabric 
designed to widen the pipeline between 


servers and storage devices 


The technology is intended as a replace 


ment for PCI-X buses, which have top data 


| rates of 1G bit/sec 


Band, but companies such as | 


Signaling rates for InfiniBand are expect 
ed to range from 2.5G bit/sec. (1x version) 
to 10G bit/sec. (4x version) 


pany expects to ship a shared 
1/O subsystem in the third 
quarter that ties InfiniBand- 
enabled servers to Fibre Chan- 
nel and Ethernet networks. 
InfiniBand is a point-to- 
point architecture that lets I/O 
communicate 
dedicated channel in order to 
improve scalability, reliability 
and performance. The technol- 


on a 


| ogy is envisioned by backers as 
| a replacement for the Periph- 


eral Component Interconnect 


| (PCD bus now used in servers. 


An Intel spokeswoman said 


| the company no longer plans 
| to produce chips for Infini- 


Band host controller adapters. 
Instead, it will focus on PCI 


| Express, a high-speed link for 
| connecting different chips 


within individual servers. D 
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Microsoft is a member of the 


Organization, an open 
interoperability across platforms, applications 
languages. To learn more about WS-l, its mem 


bers, and its implementation tools, visit ws-i.o 


Web Services Interoperability 


ndustry effort to promote Web services 


ind programming 
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Using .NET connected software, they 
are connecting their 650 FYE retail music and video stores in 46 
states; 25,000 in-store listening and viewing stations to servers 
housing 200,000 audio tracks and 10,000 movie trailers; and 


their Web customers to personalized content at FYE.com 


NET has enabled us to achieve widespread brand distribution 


eved tn across a broad range of touch points 


iicrosoft.com enterprise ar ogan, VP of Marketing, Trans World Entertainment 
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systems. .NET connecte 
gate. You have a commo 
and applications, so informa 


extranets to those who need it 


“We've already seen significant incremental revenues and 


expect the trend to continue as we leverage the .NET platform 


to strengthen and extend our business model 


Peter Osbourne, Group Manager, Advanced Tect ¢y Group. Dollar Rent A Car 


The result is 
that reduces t 
business to 
Dusiness partners, and employees dire 


they need, you streamline operations ar 


more agile, responsive, and product 


NET connected 
software iets you build flexible, seamless connections between 
your back-end data and front-end systems. This allows you to 
close the loop with your customers, deliver more relevant content 


and build more dynamic relationships 


NET connected software helps you first integrate your own 
applications, and then quickly and cost-effectively integrate 
your systems with those of your business partners, vendors 


and suppliers 


NET connected software makes it much easier to let employees 
unlock the information value stored in your infrastructure. Not 
only will they have access, they can also begin using powerful 


analytical tools to empower themselves and others 
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—including Accenture, Avanade, Cap Gemini 

Ernst & Young, Compaq Global Services, Deli, EDS, KPMG 
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| feel reassured knowing HP is behind me, ready t 
step in, should another disaster like that strike ag 


you're not prepared for one. Its a lesson you don't want to learn the hard way. Then again, its not every 


day that a serious hurricane makes landfall at your data center. But 


after being forced to brave the fury delivered by “the storm of the 


century” in order to prevent total loss of mission critical data—the folks 
at the IT service center of Mitsubishi Chemical America, Inc. knew 
they needed a backup plan. 

They turned to HP. Rather than recommend a totally redundant 
backup data center in another location, HP worked with MCA on a 
more creative solution involving HP servers, storage, software and 
support services. 

Together, they developed a plan that not only involved on-site 
recovery services but actually utilized HP’s own disaster recovery 
center. HP even helped MCA through several disaster recovery 
rehearsals—just to make sure there would be no surprises next time 
the unthinkable happened. 

HP infrastructure solutions are engineered for the real world 
of business. Because the last time we checked, that's where we all work. 
Call 1.800.HPASKME, ext. 246. Or visit www.hp.com/go/infrastructure. 


Infrastructure: it starts with you. 








MARYFRAN JOHNSON 


Celebrating [IT Heroes 


HIS TIME AROUND, there is a greater 
poignancy to the theme of our annual 
Computerworld Honors program: “The 
Search for New Heroes.” The everyday 
miracles accomplished by IT organiza- 


tions everywhere — so 
easy to overlook in this 
battened-down economy 
— clearly play a more no- 
table role in the weight- 
ier concerns of a changed 
world. 

Tonight in Washington, 
at a fancy awards ceremo- 
ny in a beautiful old 
building, Computerworld 
will name a handful of 
winning IT projects and 
programs, winnowed 
from 59 international finalists. They 
cut across a broad swath of indus- 
tries, from business, manufacturing 
and medicine to academia, govern- 
ment and science — all of them 
nominated by the CEOs of leading 
technology companies. But whether 
these finalists win and take home a 
lovely hunk of crystal doesn’t matter 
much, really. What everyone should 
remember is the innovation, the en- 
ergy and the creativity behind every 
one of these IT projects. 

Starting on page 26, we've profiled 
a few of the finalists in this year’s 
Honors program. Just reading the 
brief descriptions of some of their 
accomplishments makes your throat 
choke with emotion and remem- 
brance. Consider, for example, the 
team of 15 IT managers and engi- 
neers from the Port Authority of 
New York and New Jersey who kept 
traffic flowing — and emergency 
crews moving — in the aftermath of 
the Sept. ll attacks. They worked 
24/7, slept in their cars and fought 
back their own grief for 75 col- 
leagues lost in the collapse of the 
World Trade Center towers. They 
probably never felt like IT heroes. 
They saw work that needed doing, 
and so they got it done. 


MARYFRAN JOHNSON is 
editor in chief of Comput- 
erworld. You can contact 

her at maryfran_johnson@ 
computerworld.com. 





From the other side of 
the world, we will honor 
projects that advance our 
global understanding. 
Like the technology- 
based distance learning 
made possible to 15 sub- 
Saharan countries 
through the African Vir- 
tual University. Or the 
Rhinowatch project, the 
first full-blown census of 
the rare white rhinocer- 
os, accomplished 
through pattern recognition of digi- 
tal images. 

On the medical frontier, we'll ad- 
mire the work of Operation Lind- 


| bergh, which has broken new ground 


in enabling robot-assisted telesur- 
gery across the Atlantic Ocean. Us- 
ing advanced communications tech- 
nologies, the actions of a French sur- 
geon based in New York were trans- 
mitted to a Strasbourg operating 
room, then the video image was 


THEY DIDN'T MENTION 
THis FRESHMAN “YEAR. 





bounced back to New York in less 
than a fifth of a second. 

In the field of techno-science, we'll 
highlight the work of astrophysicist 
Geoffrey Marcy at the University of 
California, Berkeley, and the way the 
customized code and algorithms he 
and a colleague created eventually 
led to the discovery of dozens of 
planets beyond our solar system. 

Closer to home, we find our every- 
day IT heroes behind the technology 
that built www.icouldbe.org, where 
hundreds of career mentors and 
guidance counselors are now avail- 
able online to counsel at-risk teen- 
agers; or at the U.S. Department of 
Defense, whose Java-based security 
project will distribute 4.3 million 
multifunction smart ID cards to 
military and support personnel. 

Our search for high-tech heroes 
has been under way since the Com- 
puterworld Honors program debuted 
in 1988. Each year, the technologies 
have scaled to greater heights and 
enabled more dazzling displays of 
the power and promise of IT. But 
never once have they outpaced the 


human spirit behind them. D 





To find a complete archive and more information about 
the Computerworld Honors Program, go online to 
@ www.cwheroes.org 
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PIMM FOX 


II; Business 
Intelligence 
In Harmony 


HERE’S SO MUCH 

noise generated by ex- 

perts chanting the “in- 
formation is key to business 


success” mantra that it’s a 
mush of jazz, rock ’n’ roll and classical 
instead of a single piece of music. 
Certainly information is a vital part 
of every business, but we all wince at 
the sight of piles of reports on our 
desks. Now IT aims to pick up where 
those stacks of green-bar computer 
printouts left off. 
No longer will 
anyone comb 
through pages to 
assemble charts, 
tables and 
graphs of sales, 
revenue and ex- 
pense reports. 
Business intel- 
ligence vendors 
such as Cognos, 


PimM FOx is Computer- 
world's West Coast 
bureau chief. Contact 
him at pimm_fox@ 
computerworid.com. 


sions Inc. and 

Business Objects Inc. combine various 
Internet-based technologies with thin 
clients to push business reporting tools 
further down into a company’s opera- 
tions, making it possible for line per- 
sonnel to have the reports they need 
along with sophisticated analytics. 

At ice-cream maker Ben & Jerry’s, 
access to graphically presented reports 
by departments such as marketing, 
sales and manufacturing comes cour- 
tesy of business intelligence software 
from Business Objects. Hard-copy re- 
ports are out. Outwardly facing Web- 
based connections to back-end sys- 
tems are in. 

A line manager checking a parts in- 


} ventory or an accounts-payable clerk 


looking to see which invoices must be 
paid don’t need two separate IT sys- 
tems. For strategic thinkers, access to 
different versions of a report (who says 
you can’t slice and dice information?) 
means there’s no excuse for depart- 
ments not knowing the overall picture. 
Connecting to larger-scale ERP and 
CRM systems from Siebel Systems, 





For more columnists and links to archives of previous 
columns, go to 
@ computerworld.com/columns 
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SAP and PeopleSoft is easier thanks to 
TCP/IP connections and the general 
openness of LANs and WANs. As a re- 
sult, more people have cost-effective 
access to the network. 

Tools from vendors such as Crystal 
Decisions can be a part of the IT infra- 
structure if your company lives by the 
reports it uses. 

But there are some IT details to in- 
vestigate. How does the business intel- 
ligence system schedule data extrac- 
tion? Can you gather data from multi- 
ple locations? How about from dis- 
parate systems? Determine how diffi- 
cult data integration will be before you 
go soft at the knees drooling over the 
myriad reports and formats you can 
click through. 

Check for sign-on functions that in- 
tegrate with existing security roles, 
and ask about database drivers (ODBC, 
MDX and COM objects) to make sure 
yours are supported and work. 

Business intelligence can be a har- 
mony, but for that to happen, IT’s got 
to pick up the conductor’s baton. B 


THORNTON MAY 


Steps Toward 


Improving 
I'l Bosses 


N 1997, I examined why IT 

professionals at estab- 

lished companies changed 
jobs. Managers erroneously 


believed that the top reason 
people quit was money. They were 
wrong then, and they would be wrong 
today. I find that the top reason people 
quit can be summed up in this sen- 
tence: “I won’t work for a jerk.” 

In corporate IT, “jerk bosses” come 
in three flavors, which I categorize in 
descending order of “jerk intensity:” 

@ The “Bad Leader” Jerk, the uber- 
jerk of the IT workplace. 

@ The “We’re Too Busy to Look 
Where We're Going” Jerk, a middle-of- 
the-road kind of jerk — not incompe- 
tent, simply myopic and self-absorbed. 

@ The “When the Work Is Done, I 
Promise” Jerk. He’s not really a jerk, 
just a hard worker who can’t keep up 
with the pace. 

A poignant example of a Bad Leader 
jerk comes from David Masiel’s new 
novel, 2182 kHz, (Random House), in 
which the reader meets a tugboat cap- 
tain known as the Chemist. The 
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Chemist prowls the deck, 
screaming at his crew, “Do 
things!” This sounds fright- 
eningly familiar to many IT 
workers. 

Walk through IT shops to- 
day and you don’t find much 
joy. Many CIOs’ direct re- 
ports and next-level IT man- 
agers are stressed out, physi- 
cally exhausted and con- 
cerned that top executives 
aren't doing the right thing 
or taking the company in the 
right direction. This is the 
workplace presided over by 
the We’re Too Busy to Look Where 


THORNTON MAY is 4 Se- 
nior member of Toffler 
Associates Inc., an 
Manchester, Mass., ex- 
ecutive advisory firm. 
Contact him at 
tmay@toffler.com. 


The When the Work Is 
Done, I Promise boss rec- 
ognizes the value of career 
and skills development. But 
that’s promised to key re- 
ports only when the work- 
load becomes more man- 
ageable. Unfortunately, the 
IT workload, like the uni- 
verse, is expanding at an 
ever-accelerating rate. The 
customer continues to re- 
quire more secure, priva- 
tized, customized and 
economized (read: afford- 
able) 24/7 support, and ful- 


| filling that consumes an immense 


We're Going boss, an individual so ab- | amount of time and labor. 


sorbed with managing senior manage- 
ment’s perception of IT’s execution of 
the little things that he has no time to 
think about or discuss the bigger pic- 
ture of where IT is going and why. Per- 
petually focusing on “whats” and 
“hows” rather than “whys” and 


The bottom line is that good people 
will migrate to good work environ- 
ments. If yours isn’t a good environ- 
ment, you'll lose your good people. So, 
here’s my advice to companies and 
their IT organizations: 

1. Grow a backbone and dump bad 


23 


2. CIOs should proactively develop 
the next generation of leaders by get- 
ting them to focus on next-generation 
problems. 

The typical CIO parses his workload 
into three boxes “Do Now” (such as, 
cut costs), “Do Next” (such as, presell 
enterprise security strategy to senior 
management) and “Do Later” (such as, 
deploy biometric ID/access manage- 
ment tools). Each IT organization 
needs to launch a “Next Generation of 
IT Leadership” program, a forum in 
which direct reports and next-level 
managers can think about future IT 
problems, then suggest ways they 
might solve them. 

By combining career development 
and empowering IT managers to help 
chart a course for the organization, a 
CIO can create new energy and enthu- 
siasm and creatively address ahead of 
time problems his organization and 
company might face in the future. That 
would go a long way toward avoiding 


| context of a single memo, 


“wheres” can destroy souls. 


The Navy and Its Intranet | 


OUR RECENT article 
on the status of the 
Navy/Marine Corps 


Intranet (N/MCI) program 
did a great disservice to the 
Department of the Navy, 
EDS and your readers 
(QuickLink: 29843]. In reali- 
ty, the program is on solid 
footing. EDS has successful- 
ly passed the mandated test- 
ing phase for the program, 
and the Department of De- 
fense earlier this month 
granted the Department of 
the Navy authority to order 
an additional 100,000 seats. 
While there are significant 
hurdles to clear in a program 
of this size and scope, we 
have cleared them and are 
moving toward full imple- 
mentation. 

Despite both the Depart- 
ment of the Navy and EDS 
repeatedly explaining to 
your reporter the proper 


you chose to take this memo 
out of context and portray it 
in an inflammatory manner. 
Several other news organi- 
zations looked at the same 
memo and concluded that 
its contents needed to be 





leaders. 


ans 


placed in their proper con- 
text. While they published 
balanced accounts, your ap- 
proach was unfair at best. 


| Rick Rosenburg 


EDS client executive 
N/MCI program 
Herndon, Va. 


DM. MUNNS has cor- 
rectly diagnosed the 
cultural change that 


must be implemented before 
N/MCI will succeed. As he 
said in your article [Quick- 
Link: 29642], “the largest 
cultural challenge is the re- 
placement of local control 
with centralized policy, stan- 
dards and control of re- 
sources.” Unfortunately, 
what Munns and other lead- 


| ers don’t seem to recognize 


is that a large-scale, long- 
term experiment in central- 
ized policy, standards and 
control of resources took 
place between 1917 and 1989. 
The results were a dismal 
failure, since the centralized 
decision-makers couldn’t 
possibly know enough about 
the needs of the people to 
make good choices. Visible, 
powerful organizations and 
people received sufficient 
resources; all the rest were 








ignored. That appears to be 
happening in the process of 
the N/MCI transition. Sim- 
ple requests are being ig- 
nored or put on hold, neces- 
sary tools are being consoli- 
dated out of existence, and 
useful programs are being 
eliminated out of a numbers- 
driven desire to “reduce 
legacy applications” without 
detailed knowledge of how 
or why they are being used. I 
am in the trenches and 
working to provide good IT 
support to the workers in my 
organization, but I must ad- 
mit that doing so sometimes 
requires skills that we used 
to call “cumshaw” when I 
was going to sea. For readers 
who aren’t well versed in 


| Navy slang, cumshaw is a 


way to get a job done with- 
out going by the book. 
Cmdr. Rod Adams USNR 


| Washington 


What Certification Does 


OUR STORY on the 
worth of Java certifi- 
cations [QuickLink: 


29401] missed the point. Cer- 
tification doesn’t measure 
how experienced you are in 
developing software, nor 


or shedding a “jerk” tag. D 


does it illustrate what kind 
of worker you are, how you 
handle stress on the job or 
how you interact with co- 
workers. That’s what ré- 
sumeés, interviews and refer- 
ences are for. Attaining cer- 
| tification in Java technology 
| demonstrates your knowl- 
edge of the technology and 
all its facets. Java certifica- 
tion can provide some assur- 
ance that a consultant has 
knowledge of the platform. 
Does it mean he’s a Java ex- 
pert? No. It means he has a 
well-rounded understanding 
of the basics of the platform. 
Eric Sheffer 

Senior technologist 

RemoteSite Technologies Inc. 
Albany, N.Y. 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701. 
Fax: (508) 879-4843. Internet: 
letters®computerworld.com. include 
an address and phone number for 
immediate verification. 
For more current letters on these and 
other topics, go oniine to 


| @computerworid.comy/letters 








WITHIN 72 HOURS of the Sept. 11 attacks, the IT team at-the Port Authority of New York and New Jersey had restored the E-ZPass electronic toll system, helping to keep traffic flowing in and 
out of Manhattan, Pictured here, against the backdrop of the George Washington Bridge, are (from left) Michael Huerta, Walter Kristlibas, Ken Philmus, David Raines and Ernesto L. Butcher. 
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PORT AUTHORITY OF 
NEW YORK AND NEW JERSEY 


IT Team Goes 
Above and Beyond 
In Sept. 11 Aftermath 


To help keep traffic flowing, 
IT engineers and managers worked 
to bring E-ZPass back online 


BY MATT HAMBLEN 
Among the stories of perseverance in the face of 
tragedy that unfolded on Sept. 11 was the tale of IT 
workers at the Port Authority of New York and New 
Jersey who struggled to restore a piece of normalcy to 
the city while dealing with their own personal loss. 
Wher the first jetliner struck the North Tower of 
New York’s World Trade Center that morning, it tore 
into Port Authority headquarters, which housed 2,000 
staffers and the central host servers for the E-ZPass 
electronic toll collection system. When the North 
and South towers collapsed, 75 Port Authority work- 
ers were among the more than 2,800 who perished. 
In the hours and days that followed, a team of 15 
IT managers and engineers banded together to over- 
come emotional trauma and logistical and communi- 
cations nightmares to recover the toll system, help- 


ing to ensure the flow of traffic, including emergency | 


vehicles, into and out of Manhattan. 

“Certainly, getting E-ZPass back was useful for us 
to get revenue back. But symbolically, the restoration 
had greater value,” says Ernesto L. Butcher, the Port 
Authority’s chief operating officer. Restoring the 
system was evidence that the region and the agency 
were “getting back to normal,” he says. 

Included in the estimated $3.5 billion in buildings 
and equipment lost that day were the two Compaq 
Computer Corp. Alpha 4100 E-ZPass host servers. On 
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a normal day, the E-ZPass system wirelessly captures 
more than 340,000 toll transactions from 74 traffic 
lanes on several New York and New Jersey bridges 
and tunnels — about two-thirds of the total vehicles 
passing between the states. Were the systems not 
quickly restored after Sept. ll, those tollbooths might 


| have been mired in traffic, delaying the emergency 


crews and recovery trucks hauling away debris, says 
Walter Kristlibas, E-ZPass program director. 

Routers and Tl connections between the host 
server and the toll lanes, and between the host and 
customer service center, were lost. Phone lines and 
cellular connections were crippled. 

But the Port Authority and its contractor, ACS 
State and Local Solutions Inc. in Washington, had 
designed a system to handle such interruptions. 
Each E-ZPass lane was equipped with a reading 
device, an antenna and a ruggedized computer capa- 
ble of storing days of transactions. 


The Port Authority had drilled for disaster recovery, 


a precaution that wasn’t undertaken at enough com- 


panies, says Zeus Kerravala, an analyst at The Yankee 


Group in Boston. “Most companies didn’t have a 
backup plan or didn’t test it and take it seriously.” 

The 1993 bombing of the World Trade Center had 
spurred E-ZPass engineers to install backup comput- 
ers at a remote site on Staten Island. Team members 
worked around the clock gathering recent data from 
each toll lane — sleeping in their cars and fighting 
back emotion. “There were tears coming out of your 
eyes, but there was a certain thing you had to do, 
and it overrode the worries,” Kristlibas recalls. 

Within 72 hours, the backup was reconfigured and 
transactions were again accepted. The team also 
altered the system to excuse all toll fees for several 
days following the disaster. B 





| MANAGING IN A CRISIS 


Read how the leadership skills of Port Authority IT managers 
were put to the test in the days following Sept. 11 
QuickLink: 30139 
www.computerworld.com 
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2002 
Finalists 


One winner in each category 


will be announced June 3 
at a ceremony in Washington 


BUSINESS & RELATED SERVICES 
= Iron Mountain Inc.: An electronic archive offers 
customized indexing and Web-based retrieval of individual 
documents, thus managing regulatory compliance. 
= NeuStar Inc.: A provider of clearinghouse services to 
telecommunications and Internet service providers enables 
network interoperability and convergence. 
= Nuance Communications: Through a network pow- 
ered by voice recognition, users access e-commerce and 
personal communications services from any phone. 
w Raytheon Co./C3i Inc./Silent Runner Inc.: Con- 
stant monitoring of complex network events alerts compa- 
nies to potential misuse or theft of data from within. 
= UPS Logistics Group: Using its own physical assets, 
the delivery company offers supply chain management ser- 
vices to major corporations, thus increasing their efficiency. 
= Yahoo Inc.: A comprehensive suite of services in a cen- 
tralized online location allows people to meet, communicate, 
exchange information and organize their lives via the Web. 


EDUCATION & ACADEMIA 
« African Virtual University: Responding to the need 
for higher education in sub-Saharan Africa, learning institu- 
tions in North America and Europe use technology-based 
distance learning techniques to provide resources to 15 
African couniries. 
a Compaq Computer Corp./Boys & Girls Clubs of 
America: Technology centers within the Boys & Girls clubs 
broaden access to technology and prepare youth to suc- 
ceed in the job market. 
a ETS Technologies Inc.: Automated test scoring tech- 
nology applied to more than 1 million essays has reduced 
reporting time and costs while maintaining score accuracy. 
= Highwood Hills Elementary School: Computer ac- 
cess for students helps realize the potential of technology 
and yields improvements in test scores. 
= University of Michigan: A combination of interven- 
tions, including a one-week camp for middle-school girls 
and advocacy, help ensure that women and girls have 
access to science and engineering curriculum. 
= University of Michigan: A two-week intensive sum- 
mer program prior to seventh grade bolsters girls’ interest, 
confidence and achievement in math. 


Continued on page 28 





WINNERS ANNOUNCED JUNE 4 


For full case studies on the winners, posted June 4, and 
more information about the Honors program, visit: 


For a list of the winning organizations and news from the 
Washington gala, also posted June 4, visit: 
QuickLink: a2050 
www.computerworld.com 
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Finalists 


Continued from page 26 


ENVIRONMENT, ENERGY & AGRICULTURE 
= Dumfries & Galloway Council: Geographic informa- 
tion system maps are distributed electronically every day to 
support the response to the outbreak of foot-and-mouth 
diseases. 
m Rhinowatch: Accurate identification of white rhinos 
by pattern recognition of digital images of their footprints 
enables the first-ever census of these rare animals. 
= The Greenery International: Total integration of 
the supply chain allows Dutch-grown produce to be sold in 
New York and Tokyo within 14 hours of when it was picked. 
w Wilderness Technology Alliance: The education 
resources of federal lands and historic menuments in the 
U.S. are made available to public learning institutions. 
w TXU Energy: The first business-to-business portal in 
the utilities industry improves the way commercial cus- 
tomers manage their energy consumption and costs. 


FINANCE, INSURANCE & REAL ESTATE 
= BenefitMall.com: An online employee-benefits ex- 
change allows brokers serving companies with 100 employ- 
ees or less to shop for plans from hundreds of carriers. 
« Cigna HealthCare: Eighty systems applications 
released throughout 2001 have automated more than 50% 
of administrative transactions. 
w eProperty Tax: An automated application of property 
tax procedures of more than 9,000 local jurisdictions low- 
ers the cost of administering tax computations. 
= HDFC Bank Ltd.: Aggressive use of IT is helping to 
establish the viability of private banks in india, where banks 
are primarily operated in the public sector. 
= Household International Inc.: Loan agents work 
directly with underwriters to automate the loan approval 
process, often generating a response in seconds. 


GOVERNMENT & NONPROFIT 
= Defense Manpower Data Center: The U.S. Depart- 
ment of Defense issued smart cards that allow for secure 
physical and computer access (see story, page 29). 
s Icouldbe.org: Hundreds of career mentors communi- 
cate online with urban and rural at-risk teens, alleviating the 
shortage of mentors and guidance counselors. 


w Oklahoma State Department of Human Services: 


System allows parents to check their children in and out of 
child care electronically and provides real-time data to state 
agencies and accelerated payment to providers. 

s Shanghai Social Security Card Service Center: 
A network of more than 10,000 terminals provides access 
to personal information for citizens in an area of 3,720 
square miles. 

= Technology Works for Good: integrated consulting 
services, educational events and peer networking help non- 
profit leaders deliver their vital services to the community. 
w The Kursk Foundation: Three-dimensional software 
creates a detailed visual mode! of the sunken nuclear sub- 
marine Kursk, analyzing the the operation of retrieving it 
from the ocean floor before it contaminates the waters. 
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GEOFFREY W. MARCY, director of the Center for Integrative Planetary Science at the University of California, Berke- 


ley, has found 52 of the 86 known “extra-solar” planets. 


UNIVERSITY OF CALIFORNIA, 
BERKELEY 


Scientists Develop 
Algorithms to Discover 
Extra-Solar Planets 


Technology led one astrophysicist to 
boldly go where none has gone before 

BY GARY H. ANTHES 

“People thought we were a little crazy,” recalls as- 
tronomer Geoffrey W. Marcy. “When we told them we 


were going to look for planets around stars, they’d kind | 


of look down at their shoes and scuffle a little bit.” 

Finding planets outside of our solar system 
seemed next to impossible in 1984 when Marcy be- 
gan his search. Planets at great distances are just too 
smail and dim, compared with the stars they orbit, to 
be seen by even the most powerful telescopes. In- 


deed, Marcy worked for ll years before finding one. 
But the former skeptics don’t stare at their shoes 
anymore. Marcy, director of the Center for Integrative 


| Planetary Science (CIPS) at the University of Califor- 


nia, Berkeley, has found 52 of the 86 known “extra-so- 


| lar” planets. He has won a slew of prizes and medals 


for his work, and he may be the only astrophysicist 
ever to appear on the Late Show With David Letterman. 

It has been known for years on theoretical grounds 
that a planet orbiting a star would cause a slight per- 
turbation in the gravitational field of the star, produc- 
ing a tiny shift in the spectrum of starlight emitted. 
The problem was that this Doppler shift is so slight that 
it’s virtually undetectable. Marcy saw the solution not 
in better telescopes but in better computer software. 

Marcy and a colleague, Paul Butler, developed al- 
gorithms and wrote 50,000 lines of code to model the 
expected Doppler shift, then used statistical methods 
to compare this “synthetic” spectrum with observed 
spectra. “We spent thousands of hours in front of 
computer terminals to write code to do various 
tasks,” Marcy says. “There was nothing we could take 
off the shelf.” 
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The model resulted in Doppler shift measure- 
ments of unprecedented accuracy, good enough to 
detect the passage of a planet between its star and 
Earth. “It’s one of the most important discoveries of 
the last 100 years,” says Frank Drake, chairman of 
the board of trustees of the SETI Institute in Moun- 
tain View, Calif. 

Early in the project it took six hours of computer 
time to process the data from a 10-minute observa- 
tion of one star. CIPS now uses 20 high-end work- 
stations from Sun Microsystems Inc. to process the 
same data in about 10 minutes. 

But Marcy had to invent ultra-efficient data reduc- 
tion algorithms as well. “For many years we didn’t 
have an algorithm that was good enough, but we 
could see ourselves slowly but surely improving,” 
he says. “It was a trying period, to put it mildly.” 

“It’s a textbook example of how to do science,” 
says Drake. “Marcy was dedicated, he made careful 
measurements and was very careful in the analysis 
of the data. He knew from Day 1 it would be a long 
time before he got results, but he stuck with it.” D 


| 


U.S. DEPARTMENT OF DEFENSE 


Military Pioneers the 
Use of Multifunction 
Smart ID Cards 





| consulting firm Frost & Sullivan Inc. in San Jose. 


The CAC also incorporates “migration technolo- 


| gies” such as bar codes and a magnetic strip to ease 


the transition from legacy systems, says Dixon. More 
than 900 sites worldwide that issue the cards needed 
to be upgraded. “As a result of using the existing ID 
card infrastructure, the previously planned PKI infra- 
structure could be significantly reduced,” she says. 


| “(Getting] both an ID card and PKI credentials [is] 
| now a one-stop operation, generally requiring not 


much more time than it took previously to get just the 


| ID card. [That saves] almost 30 minutes per person.” 


Another challenge for the DOD was creating inter- 
operability specifications. “Is the spec perfect? No,” 
says Dixon. “But does it work? Yes. We decided to do 


| what we can first, then improve upon it.” 


The PKI token is a hardware-based authentication 
method for logging into a network or encrypting or 
decrypting e-mail. The Web-centric approach also 
allows the DOD to use the card as a strong authenti- 
cation to legacy or new databases and Web sites 


| while minimizing the amount of information that 


has to be stored on the card, says Dixon. The CAC 
is also the first departmentwide identification for 
civilian DOD employees, she adds. 

The CAC is “exemplary in terms of security, tech- 
nology and portability,” says Randy Vanderhoof, 


| acting president and CEO of Smart Card Alliance 
| Inc., an industry group in Princeton Junction, NJ. 


The CAC marks an unprecedented “push to inter- 


| operability” and meets the challenge of distributed, 


| decentralized and secure smart card issuance, adds 


Common Access Card helps reduce 
paperwork and ensure secure systems 


BY EUGENE A. DEMAITRE 
Nowhere is security, portability and scalability more 
important than at the U.S. Department of Defense 
(DOD). By the end of next year, all 4.3 million U.S. 
military personnel, civilian DOD employees and on- 
site contractors will be using one card for everything | 
from logging into shared workstations to getting 
food at the commissary. 
According to Mary Dixon, 
lat director of the DOD Access Card | 
mi, Office, three programs converged | 
De ad in the Common Access Card 
" (CAC) project: the development 
of a digital signature for elec- 
tronic transactions, a public-key 
infrastructure (PKI) token for 
network security and a smart 
card to enable re-engineering of 
business processes. A successful 
one-year pilot test in Hawaii 
paved the way for CAC use by 
all branches of the military. 

The chips on the smart cards 
each have 32KB of memory and use the Java Card op- 
erating system and the federal government's interop- | 
erability specification. This specification allows mul- 
tiple vendors to provide the cards, readers and mid- 
dleware for about $10 less per user than for the previ- 
ously used PKI-only cards, which ran about $50 each. 

“Adoption of the Java open-card standard, rather 
than a proprietary technology, will set a trend,” says 
Prianka Chopra, a smart card analyst at international 


od 


MARY DIXON, 
director of the 
1010) 8 Verena 
Card Office 





| Dixon. It’s also the largest deployment of open, mul- 


tiapplication smart cards, which Chopra calls a 
“model for U.S. smart card development.” D 


| SIEMENS AG 


Unilingual System 
Allows Entry to World’s 
Financial Markets 


| Single format and currency save the 
| electronics company $50,000 a month 


BY MELISSA SOLOMON 
With $75 billion in revenue, 1,200 subsidiaries and 


| 460,000 employees around the world, Siemens AG 


has been accustomed to being on solid footing. So 
when its cash flow began to ebb a few years ago and 
analysts started giving it low marks, the Munich, 
Germany-based electrical engineering and electron- 


| ics firm took action 


The plan was simple: Gain access to money from 
the richest country in the world through a listing on 
the New York Stock Exchange, says Hermann Giehrl, 
director of IT at Siemens’ finance department. 

But that was easier said than done. 

Up until that time, Siemens had been regulated by 
German accounting laws. But to be listed on the 
NYSE, it needed to comply with the U.S. Generally 
Accepted Accounting Principles (GAAP). To do so, 

Honors, page 30 
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MANUFACTURING 
= Agilent Technologies Inc.: Consolidation of operat- 
ing groups into a worldwide IT function drives costs down 
and frees resources for investment (see story, page 30). 
w Centex Homes: As milestones in a home construction 
project are completed, a contractor sends data via a hand- 
held device, initiating payment and updating the private 
Web site where homeowners can view a project's progress. 
= Colgate-Palmolive Co.: The consumer goods manu- 
facturer manages its business on one system with the same 
information in 50 countries, thus lowering costs. 
m= Siemens AG: Europe's largest consolidation of legal 
and management reporting allows a company to meet 
requirements of multiple exchanges (see story at left). 
e Toshiba Corp.’s Semiconductor Company: Order 
consolidation allows daily master planning and improved 
responsiveness to 3,000 orders per day. 
a VF Corp.: Weekly decisions on garment production 
volumes are managed by supply chain management sys- 
tems, significantly reducing inventory levels. 


MEDIA, ARTS & ENTERTAINMENT 
e Canadian Broadcasting Corp.: Bilingual Web ac- 
cess to Canadian history, supported by robust media asset 
management tools, helps to ensure that Canada’s past will 
be preserved well into its future. 
= Danilo Black: First-ever use of a new publishing tech- 
nology allows closer work between a magazine's designers 
and journalists for more efficient production. 
a JAK Films: Technology brings movie storyboards out 
of the black-and-white drawing era and brings animation, 
texture and mood to the earliest stages of production. 
= Macromedia Inc.: The vector-based Flash format 
enables rich Internet content and applications, allowing 
companies to deliver better user experiences with signifi- 
cant return on investment. 
a MaMaMedia Inc.: Unique kids-oriented programming 
available within 48 hours of the Sept. Tl tragedy has given 
more than 1.6 million Web site visitors (mainly children ages 
7 to 14) a place to share their feelings. 
= Oprah.com: Interactive tools extend the experience for 
viewers of the popular TV program, allowing them to partici- 
pate in an active community for support and friendship. 
= Shanghai Wenhui Xinmin News Group: Aggres- 
sive management of one of China's largest business net- 
works supports the efficient production of three daily news- 
papers, seven weeklies and four magazines. 


MEDICINE 
= Bristol-Myers Squibb Co.: Innovative decision- 
support technologies expedite the discovery of new drugs 
by allowing scientists to simultaneously test compounds in 
multiple experiments. 
= Dell Computer Corp.: More than $500,000 of donat- 
ed computer equipment was configured, manufactured, 
delivered and installed at the Red Cross within days of the 
Sept. 11 attacks. 
a Endius inc.: Minimally invasive endoscopic procedure 
transforms spine fusion from a highly compiicated surgery re- 
served for serious disorders to a routine outpatient procedure, 
dramatically lowering costs and improving recovery times. 
= IRCAD/EITS: First-ever trans-Atlantic telesurgery is 
made possible by advanced communication and robotics 
technology that transmitted the actions of a surgeon in New 
York to a Strasbourg operating room and returned the video 


Continued on page 30 
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image to New York in less than one-fifth of a second. 

« MedicaLogic: Direct entry of medical prescriptions 
into a handheld application eliminates errors associated 
with handwriting and fits into doctors’ regular work 
processes. 

« University of Pittsburgh Medical Center: Limiting 
the incision size for heart surgery and eliminating the heart- 
lung machine combines advantages of catheter techniques 
with the superior outcomes of coronary bypass techniques. 
= Wellmont Health System: Central storage of high- 
resolution medical images makes them available instantly 
at any hospital, eliminating delays in diagnosis. 


SCIENCE 
= Celera Genomics Group/Whitehead Institute/ 
Sanger Centre: An array of more than 600 high-perfor- 
mance processors enables the mapping and sequencing of 
the human genome, opening a new era in biotechnology. 
= Connecticut State Police Department: Advanced 
enhancement of bite-mark images from crime victims al- 
lows first-ever matching with suspect teeth patterns. 
= Stanford Linear Accelerator Center: The world’s 
largest object database supports the use of 4507TB of data 
about electron-positron collisions to explain why the uni- 
verse seems to have more matter than antimatter. 
a The University of Leeds: Detailed cell- and tissue- 
level models of heart behavior yield understanding of nor- 
mal and abnormal heart tissue and arrhythmias, leading to 
improved techniques for treating heart disease. 
a University of California, Berkeley: Parallel pro- 
cessing of radio telescope data on the unused cycles of 
3.5 million home computers allows data from a wide band 
of the sky to be scanned every six months. 
« University of California, Berkeley: A decade of 
refinement yields software algorithms sensitive enough to 
detect the infinitesimal changes in light caused by planets 
orbiting distant stars (see story, page 28). 


TRANSPORTATION 
« Delta Air Lines Inc.: A dynamic digital network con- 
stantly receives, stores, organizes, filters and distributes 
data to ensure that employees and travelers receive clear, 
consistent, timely and applicable information. 
a Pratt & Whitney: A single enterprise system inte- 
grates the aerospace engine manufacturer's worldwide 
operations with its suppliers and customers. 
= The Boeing Co.: A cluster of PC processors is used 
to model the behavior of a new generation of rockets, low- 
ering design costs and improving product reliability. 
= The Port Authority of New York and New 
Jersey: Rapid recovery from the loss of an automated 
toll systems control computer helped to keep traffic flowing 
normally, aiding Sept. 11 recovery efforts (see story, 
page 27). 
= Travelocity.com LP: The first online travel company 
puts consumers in control by offering comprehensive travel 
options at the customer's fingertips. 
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Continued from page 29 
Siemens’ financial reporting systems had to accom- 
modate both European and U.S. accounting rules, its 
IT applications had to be simplified to operate more 
efficiently and accurately in global markets, and the 
company needed to teach its workforce an entirely 
new way of doing business. 

In March 2000, the company kicked off the En- 
hancement of Siemens Processes in Reporting and 
Information Technology, or ESPRIT. At the core of 


the project was a new Enterprise Controlling module | 


from SAP AG. 

The system replaced more than 2,500 decentral- 
ized applications and integrated the 16 applications 
used by Siemens’ corporate finance department into 
a single global application. That one application is 
based on GAAP standards, but it translates data into 
the complex German accounting rules. 

In March 2001, the company took its place on the 
NYSE. In addition, the system has helped Siemens 
provide more timely, complete and accurate financial 
reports, says Giehri. Through Web-based data ware- 
house and management tools, employees in 190 coun- 
tries, who speak a variety of languages, can enter fi- 
nancial information using a single format and curren- 
cy, he explains. And thanks to about 650 validation 
rules built in to the system, incorrect data can no 


longer find its way into financial reports, says Giehrl. | 


In terms of cost savings, the system has enabled 
the company to cut back on its annual expenditures 


ment department by switching from a homegrown 
system to a standard package, says Giehrl. So far, that 


has translated into cost savings of about $50,000 each | 


month, he says. 
According to J. Spitzy, an investment analyst at 
New York-based Lehman Brothers Holdings Inc., 


a major improvement in Siemens’ ability to deliver 


AGILENT TECHNOLOGIES INC. 


IT Consolidation Puts 
Unaligned Projects 
On Chopping Block 


Standard, integrated applications 
reduce operational spending by 23% 


BY KATHLEEN MELYMUKA 
When Agilent Technologies Inc. in Palo Alto, Calif., 
spun off from Hewlett-Packard Co. in November 
1999, its 2,500 IT employees were dispersed over 
three businesses in 40 countries. Each area had its 
own IT infrastructure, operations, applications and 
staff. A portfolio of 1,500 applications inherited from 
HP was eating up 80% of the IT budget, and the re- 
maining budget was scattered among too many local 
priorities to show much bang for the buck. 

Vice President and CIO Marty Chuck knew there 
was a better way. In November 2000, he began an ini- 
tiative to consolidate IT. 


The challenges were huge. Previously autonomous | 
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MARTY CHUCK, vice president and CIO at Agilent 
BE Tou eel mime Om VL COmm Ort 


managers had to accept corporate decision-making, 
and many pushed back. “It was very difficult,” Chuck 
admits. But Chief Operating Officer Alain Couder 
put his authority behind the “One IT” initiative, and 
executives were clear about changes they wanted. 

“Once you set a clear vision, I have a high intoler- 
ance of things that don’t align,” Chuck explains. “We 
are all empowered to call things out and trim what 
isn’t helping us win.” 

Executives consolidated all IT projects and pro- 
posals into one plan, rated them on alignment with 


| the business and pulled the plug on many. Stakehold- 
| ers didn’t like it. “I got a lot of hate mail,” Chuck says. 
for hardware and software and eliminate its develop- | 


“But that just hardened my resolve. You have to have 
the skill and the will to drive these things.” 

Moving from 1,500 applications to a few standard 
systems is a continuing technical challenge, and IT 


| employees worry about the portability of their own 

| skills, Chuck says. He meets those concerns with 

| candor and lets his IT people decide where, how and 
the information released last year “definitely showed | 


if they'll fit in. “We are very open and honest about 


| what the organization will look like, what the appli- 
appropriate insights into their group performance.” D | 
| he says. 


cations portfolio will look like, what we see coming,” 


By November 2001, a global, centralized IT was in 
place. It has reduced operational spending by 23% 


| ($160 million over 18 months). The savings are fund- 


ing the gradual replacement of old systems with 


| standard, integrated applications. New desktop poli- 
| cies have saved the business units an additional $50 


million, and in fiscal 2001 alone, Agilent avoided 
more than $300 million in expenses by saying no to 
unaligned projects. 

Agilent’s strong, central governance made all the 
difference in this effort, says Barbara Gomolski, a San 
Diego-based analyst at Gartner Inc. “Lots of compa- 
nies forget about the management underpinnings, 
and it doesn’t work,” she says. “Agilent started with 
that foundation.” 

Gomolski says any company could benefit from as- 
pects of the One IT approach, at least for commodity 
applications and services. And while Chuck says it 
might not make sense in an autonomous holding com- 
pany, in an integrated enterprise, “it drives out waste 


| and cost and gets people focused on strategic goals.” 


But be prepared for a long haul. “The savings we 
got was not due to one or two things; it was due to 
150 things,” he explains. “We’ve been on a dead run 
for several years. We kicked over every rock. And 
we're not done.” D 
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Redundant Hot Swap Components 


Introducing Guardian™..Cost-Effective, Simple 
Network Attached Storage for the Enterprise 


Specs °1.47B © 5U * Duai Gigabit Ethernet 

¢ Supports Windows/ UNIX/Linux/Macintosh 

Environments ¢ Journaling File System 

¢ Standard On-site Support 

Security/Management * Vicrosoft ADS 

* UNIX NIS * SNMP « SSL * SSH 

* Quotas for Users and Groups’ ¢ File and Folder 

Security for Users and Groups * Kerberos Authentication 

Availability * RAID 5,1,0 * 12 Hot-swappable Disk Drives * Redundant, 
Hot-swappable Power Supplies and Cooling Fans * Dual Ethernet for 

Load Balancing and Failover * Dual Power Cords 

Data Protection * Snapshots * Backup Agent Support (VERITAS NetBackup 
and Backup Exec, CA ARCserve, Legato NetWorker) * Server-to-Server (S2S) 
Synchronization Software * Local Backup via SCSI Port? * APC Smart-UPS Support 
* Unlimited User License PowerQuest DataKeeper (for Windows Client Backup) 


1.888.343.7627 © www.quantum.com 


1.4TB/3U...under $25,000 

The new Quantum Guardian™ 14000 server eliminates cost 
and complexity from your storage infrastructure. Deployment 
is quick and easy, with no downtime. That should save some 
headaches. And the low acquisition cost combined with its 
high availability and minimal administration helps you live 
within your budgets. Yet you still enjoy the enterprise-class 
security, management and performance your environment 
demands. The new Quantum Guardian™ 14000 servers... 
building blocks for simple, scalable storage growth. Visit 
www.quantum.com/Guardian14000 for an interactive demo. 


Quantum. 





Full-tilt scalability. Massive horsepower. 


Meet the BayStack 470-48T Switch. 


Looking to jump-start your network through the wiring closet? Nortel Networks™ has the machine for you. With its 
impeccable scalability, the BayStack™ 470-48T Switch can be stacked (a total of eight) to achieve up to 384 10/100 ports 
for high-density desktop switching. And if it’s muscle under the hood you're after, the BayStack 470 comes standard 
with two GBIC ports for dedicated uplink connectivity to network core switches or in a full stack with up to 16 GBIC 
ports available for uplink capability. The resilient stacking design and fault-tolerant connections to mission-critical 
servers or core switches assure continuous network operation with minimal downtime. You'll even save money since 
its innovative built-in stacking design eliminates the need to purchase stacking accessories and frees up uplink ports 
for double the throughput to the network center. Plus, BayStack’s comprehensive QoS implementation ensures 
network availability for the most bandwidth-intensive or delay-intolerant applications. Enhanced security features 
even offer protection against unauthorized access. Bottom line — it’s loaded with extras for premium, cost-effective 


network performance on all points. To learn more, visit www.nortelnetworks.com/baystack470-48t. 
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THE REAL DEMANDS 
FOR SECURITY PROS 


Contrary to conventional wisdom, 
IT security professionals aren’t as 
keenly sought after as they were 
believed to have been after Sept. 11. 
Flat budgets and personnel cuts 
are forcing existing ones to take on 
added responsibilities. PAGE 36 


HOW COMMUNITIES 
CAN PAY OFF 


Companies are using online 
communities to help spread 

peer expertise among employees. 
The systems are paying for them- 
selves through improved customer 
service and quicker responses to 
business problems. PAGE 40 


LEADERSHIP'S 
‘DARK SIDE 


A leader who ig- 

nores the dangers 

associated with 

organizational 
change can set himself up for a 
fall, cautions Harvard Business 
Review author Ronald A. Heifetz 
(above). PAGE 42 


CAREER ADVISER 


Fran Quittel offers advice to a law 
enforcement professional who 
wants to break into computer 
forensics and to a software engi- 
neer who asks about his rights as 
he changes jobs. PAGE 44 


WORKSTYLES 


The IT culture at Limited Tech- 
nology Services, the technology 
arm of retailer The Limited Inc., 
emphasizes teamwork and careful 
planning, says applications man- 
ager Monika Foy. PAGE 44 








BUSINESS 


PAUL A. STRASSMANN 


Playing ‘Survivor’ 
N THIS ERA of lower corporate profits and tight IT spending, CIOs’ 
careers are on the line when they get grilled during periodic budget 
reviews. Unfortunately, the CIO’s survival kit isn’t well stocked with 


credible analytic methods that will answer the supreme question: 
How can a CIO prove that IT will deliver a significant contribution 


to improved profits? 


When ClOs prepare for budget reviews, they must overcome rising 


skepticism about their ability to link IT to improved 
results. But there is no prescription for how to sur- 
vive a budget review. As a CIO who managed to get 
approval for many spending proposals from 1961 
through 1993, I found that there are three tests one 
must pass to be invited back for more budget torture: 

The Microscope Test. First, the CIO must propose op- 
erational cost cuts in the IT infrastructure, software 
maintenance and expenses for network services. The 
CFO knows all about Moore’s Law and will start a 
budget review by requesting an 18% cut because 
that’s the number computer gurus parade before 
executives when trying to impress upon them how 
computers are getting cheaper every year. 

Second, the CIO must document the ROI for all 
proposed IT projects that would contribute to reduc- 
ing corporate assets, increasing revenue, improving 
market share, reducing production costs or cutting 
corporate overhead. This can be accomplished only if 
you compare a “base case” (such as doing nothing) to 
a projected discounted cash flow over the expected 
life of every investment. The CFO will! make sure that 
the projected savings are then locked into the corpo- 
rate operating plans so he can compare actual quar- 





terly results to the new performance targets. 

The Window Test. This involves an examination of 
how a firm stacks up against its peers and 
competitors. First, the CIO must add all IT 
costs (including user expenses), such as 
recovery from systems crashes, systems 
training expenses and work-inhibiting 
downtime. The costs must then be com- 
pared to IT spending at firms that employ 
a comparable number of information work- 
ers, manage similar ratios of desktops to 
employees and display similar financial 
characteristics such as profits-to-revenue 
or equivalent ratios of transaction costs to 
cost of goods. Then, you can answer the 
CFO’s perennial inquiry about whether the 
company is overspending compared with 


paui@strassmann.com) 
practiced the art of 
{T budget justification 
throughout his 
career as a CIO. 


industry peers. Second, the CIO must recognize that 
even though each IT project may be attractive, the 
firm’s total information overhead may still exceed 
that of its competitors. If the overhead is out of con- 
trol, an IT budget that passed the microscope test 
would be thrown back for resubmission and seen as 
proof that the CIO doesn’t understand the business 
beyond technology. 

The Telescope Test. CEOs recognize that the increas- 
ingly volatile competitive arena requires anticipating 
potential threats to prosperity. External influences 
such as security risks, technological innovation, 
value-chain shifts and globalization of competition 
could lead to mandatory reallocations of IT invest- 
ments into programs that aren’t demonstrably prof- 
itable but must nevertheless be adopted as “insur- 
ance” to sustain business competitiveness. There are 
a variety of techniques for dealing with such issues, 
though I find scenario-driven war games or business 
simulations exceptionally helpful in reaching consen- 
sus on where and how to invest scarce IT funds. If 
a CIO doesn’t address such questions, an IT budget 
that passed the Microscope and Window tests would 
be thrown back for re-examination and used as evi- 
dence that the CIO should be gracefully moved to a 
“chief technologist” role. 


Implications 


A CIO’s career can either be advanced 
or shredded after a budget review. No 
other engagement is more important. To 
prepare for that, IT organizations must 
arm themselves with the means and tools 
to assure passage of the three survival 
tests. Such formal methods are the only 
ways to successfully stand up to such chal- 
lenges. Whether the initiatives for adop- 
tion of such methods originate from the 
CIO or the CFO doesn’t matter. What’s 
important is that they be done before an 
ax is taken to the budget. D 
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Inthe face of flat 
budgets and rising 
threats, IT security 
en are 

eing asked to do 
more with less and 
to sharpen their 


business savvy. 
BY DEBORAH RADCLIFF 


FTER BRUCE LOBREE, an information 
security engineer and a 20-year IT 
veteran, lost his job in October, he 
decided to work for contracting firms 
such as RHI Consulting in Menlo 
Park, Calif., while waiting out the re- 
cession. Since then, Lobree has met 
client after client who wants a jack-of-all-trades — 
someone who can administer any brand and ver- | 
sion of firewall and intrusion detection, is network- 
savvy, can code and is versed in new technologies 
like XML, .Net and wireless. 
Clients also want someone who can speak in | 8 


CARDINAL HEALTH’S John Hartmann and Ed Daniels say 
/ that the opportunity to train staffers with diverse backgrounds 
in vulnerability assessment is key to their security success. 


terms of return on investment to sell projects to 
executives and who knows everything about the 


Security 
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client’s business, including its regulatory issues. 

“I have peers going back for their MBAs,” says Lo- 
bree, who has spent six months charting cross-indus- 
try regulations and standards affecting security and 
privacy to meet his clients’ needs. 

Everyone predicted that IT security jobs would be 
hot after the Sept. ll terrorist attacks, but the reality 
is quite the opposite. Would-be employers say that 
their security budgets are flat, that risk and threats 
are rising, and that they’re being asked to do more 
with less because of staffing shortfalls elsewhere 
within their IT organizations. 

For example, in addition to network monitoring and 
intrusion detection, a security analyst might also have 
the security responsibilities of laid-off Windows NT 
and Unix administrators, explains David Foote, presi- 
dent and chief research officer at Foote Partners LLC, 
an IT workforce research firm in New Canaan, Conn. 

So rather than focusing on hiring people for their 
specific security skills, corporate IT managers are 
looking inside their IT organizations for the right 
combination of technology and business acumen and 
then training workers in the ways of computer foren- 
sics, intrusion detection and incident response. 

“Certifications and technical security expertise 
aren’t my first criteria in placing a security special- 
ist,” says Mike Hager, vice president of network secu- 
rity and disaster recovery at OppenheimerFunds Dis- 
tributor Inc. in New York. “I’m looking for other im- 
portant factors: Do you understand how the business 
works? Can you put this in perspective of easier, bet- 
ter, faster and then sell it to the company? Are you a 
team player? Do you understand the technology ba- 
sics so I can teach you the rest?” 


Monitoring and Response 

As at other firms, hiring at OppenheimerFunds is 
flat overall. But that doesn’t stop Hager from dedicat- 
ing existing resources to new security problems. For 
example, he has sent two of his team members to the 
University of Denver to study database security. 

Hager has been assigning more training in intrusion 
detection and incident handling, a move that’s consis- 
tent with what other firms are doing, says Bill Kasko, 
division director at RHI Consulting’s staffing office in 
Dallas. Although security jobs are scarce, Kasko says 
he’s seeing more client requests for administrators 
with knowledge of how to handle cyberattacks, net- 
work monitoring and intrusion-detection programs. 

“Companies are looking at vulnerabilities across 
every bit of their organizations, even in their wireless 
systems,” he says. “That takes a basic understanding 
of network topology in addition to an understanding 


| 
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PAY AND PREMIUMS 


Here's a rundown on the salaries and bonuses that 
various IT security professionals currently command: 


DIRECTOR OF INFORMATION SECURITY 


$92K TO $142K 


(Average $119K, with bonus range of 10% to 199% of base pay) 
MANAGER OF INFORMATION SECURITY 


$80K TO $122K 


(Average $195K, with bonus range of 8% to 15%) 


INFORMATION SECURITY ENGINEER 


$67K TO $104K 


(Average $86K, with bonus range of 6% to 129) 
INFORMATION SECURITY ANALYST 


$59K TO $89K 


(Average $73K, with bonus range of 6% to 12%) 


SOURCE: QUARTERLY IT PROFESSIONAL SALARY SURVEY OF PAY 
RATES FOR 30.000 IT WORKERS IN 60 US. CITIES, FOOTE PARTNERS 
LLC. NEW CANAAN, CONN. 


of legal and compliance issues, which must trickle all 
the way down to the security analyst level.” 

Despite the specialized technical nature of IT secu- 
rity work, employers are more concerned with soft 
skills. For John Hartmann, vice president of security 
and corporate services at Cardinal Health Inc. in Dub- 
lin, Ohio, key skills include the ability to learn, build 
relationships and understand business requirements. 

Hartmann has provided his staff with training in se- 
curity policy development and implementation, com- 
pliance (particularly with the Health Insurance Porta- 
bility and Accountability Act) and best practices that 
are the foundation of the company’s vulnerability as- 
sessment program. Because he pos- 
sessed the core skills Hartmann con- 


siders prerequisites, Ed Daniels was COMING NEXT WEEK 


ary x 


propelled from telecommunications 
networking manager to information 
protection director two years ago at 
Cardinal, a $49 billion medical sup- 
plies and services conglomerate. His 
networking management work put 
him in daily contact with other busi- 
ness units, so critical relationships 
already existed. On top of that, 
Daniels has a passion for learning, says Hartmann. 

Daniels builds his own staff using a similar ap- 
proach. The company’s intrusion-detection analyst, 
who transferred from Cardinal’s pharmaceutical au- 
tomation group, was picked for his diverse systems 
and customer service background. The vulnerability 
assessor came from another Cardinal division, where 
she provided Unix and database support. She was 
hired for her writing and relationship-building skills. 
Even the two analysts hired from outside the firm 
had little security background. 

“All my analysts have diverse backgrounds that 
would add something to the team,” says Daniels. 

Cardinal and OppenheimerFunds aren’t alone in 
their approaches to skills building. Because of layoffs 
and budget cuts, IT managers are being forced to re- 





| curity right now, 





3] 


train existing staff on security issues, says Alan Paller, 
director of research at the SANS Institute in Bethesda, 
Md. More than 12,000 students went through the 
SANS Global Information Assurance Certification 
program last year, and Paller said he expects that 
number to be about 16,000 this year. 

Meanwhile, the roles of senior-level security man- 
agers are also expanding, according to Tracy Lenzner, 
founder and CEO of security executive search firm 
Lenzner and Associates in Las Vegas. As is the case 
with other IT positions, there’s very little hiring of se- 
curity managers going on, she says, and those who 
still hold security jobs are picking up global responsi- 
bilities, particularly where government liaison and in- 
ternational legal issues are concerned. Security pro- 
fessionals with these types of responsibilities are 
earning salaries of $150,000 to $300,000 per year, says 
Lenzner, who adds that a handful of executive-level 
jobs even command seven-figure salaries. 

“Security executives must be expert in government 
regulations, cyberterrorism protection, private-/pub- 
lic-sector partnerships like the critical infrastructure 
and homeland security, even physical security,” she 
says. “So a lot of these candidates come from govern- 
ment backgrounds.” 

One such person is Charles Neal, vice president of 
managed security services for business hosting provid- 
er Exodus, a unit of Cable & Wireless PLC. Neal, who 
was promoted to the position six months ago, having 
joined Santa Clara, Calif.-based Exodus as director of 
its cyberattack “tiger team,” had been a special agent in 
the FBI’s computer crime squad in Los Angeles. 

“There’s great expectations within the FBI to work 
with embassies around the world, a necessity in the 


| borderless Internet world,” says Neal. “There’s a lot 


of carry-over from the FBI to the private sector that 
people wouldn’t expect.” 

Like his peers at Cardinal and OppenheimerFunds, 
Neal also looks for business and soft skills from his 
technical team. When he finds ar- 
ticulate security professionals who 
are good at relationship-building 
and have a strong work ethic, he 
mentors them to take over some of 
his own workload. 

Team-building through mentoring 
and training are critical first moves 
in preparing a staff and building loy- 
alty for what Foote predicts will be a 
“hiring bubble” in the first half of 
next year. That’s when he expects 
CEOs, under pressure from shareholders, to fund 
more information security, he says. But with a short 
supply of IT security professionals who are savvy in 
both business and technology, IT security leaders 
should be planning their hiring strategies now, he adds. 

Says Foote, “If 
you're not putting 
your rebranding 
plan together in se- 


SECURING JOBS 


To visit the leading IT security job 
boards, go to: 
that small pool of 


talent of hybrid se- 
curity workers will 
be long gone when 
your CEO is ready 
to sign that check.” D 


To find out which industries are 
desperate for IT security pro- 
fessionals, visit: 
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HE STAFF AT A Schlumberger- 
Sema oil-drilling site in In- 
donesia faced a serious prob- 
lem: A field engineer had 
inadvertently programmed 
the wrong instructions into a comput- 
erized drilling tool, and the problem 
wasn’t detected until after drilling had 
begun. Was there a way to save 
the situation without the expense 
and lost time required to stop the 
drilling and start over? 

At 5 p.m. in Indonesia, Schlum- 
bergerSema engineers placed a call 
to the company’s InTouch system, 

a program designed to put subject- 
matter experts in immediate contact 
with on-site staffers who need answers 
midproject. 

Although it was 4 a.m. in Houston, 
within 15 minutes the head of the de- 
partment that oversees the drilling tool 
had worked out a solution and trans- 
mitted it back to Indonesia. An hour 
later, drilling was back on track. 

InTouch is just one example of how 
companies are starting to use online 


| 








BUSINESS 


community tools to take knowledge 
management beyond its traditional role 
associated with chat rooms, data repos- 
itories and FAQs. Although stored 
knowledge is still essential, these new 
tools also allow employees to tap into 
the most powerful problem-solving re- 
source they have available: one another. 
“A big part of knowledge man- 
agement is knowing which per- 
son to tap as a resource rather 
than looking for information in 
a book or report,” explains 
Jonathan Spira, chairman and chief an- 
alyst at Basex Inc., a New York-based 
research and consulting firm. 


Removing Redundancy 


So far, SchlumbergerSema’s 18-month 
program has reduced the time it takes to 
resolve technical questions by 95% and 
saved the Paris-based company more 
than $150 million annually — after fac- 
toring in the $50 million per year it 
costs to operate InTouch, says Reid 
Smith, vice president of knowledge 
management. 


Pulse of the Organization 


Cingular Wireless in At- 
lanta has grown rapidly 
through a series of merg- 
ers that has brought peo- 
ple from different compa- 
nies and corporate cul- 
tures together. CEO 
Steven Carter wanted 
to know how Cingular's 
employees were handling the adjustments, 
but he didn’t want the information filtered 
through their managers 
So about a year ago, he issued a directive 
to find a way for him to have direct contact 
with employees. “He wanted to communi- 
cate with them as much as possible, but he 
does have a brutal travel schedule,” says 
Bonnie Owen, director of employee commu 
nications. “We had to find something that 
would not take a iot of his time.” 


Putting Communities 
To Wo 





The solution is a once-a-month live online 
chat session between Carter and the com- 
pany's employees. The chats are open to all 
employees, though a few have been limited 
to a specific region he wanted to address. 

The chats have helped Carter identify 


| small problems before they became big ones. 


For instance, when the company consolidat- 


| ed payroll software after a recent merger, 


some employees were confused about how 


| to enter their work hours. That resulted in in- 


correct checks, Owen recalls. “Some people 
in human resources knew about it, but it 


| wasn't widely known,” she says. 


Because the issue came up repeatedly 
during a chat, Carter became aware of the 
problem and “was able to escalate it, give 
it more visibility and get it resolved faster,” 
Owen says. 

- Minda Zetlin 





A similar system also brought big 
savings to Clarica Life Insurance Co. 
in Waterloo, Ontario. The insurer uses 
software from AskMe Corp. in Belle- 
vue, Wash., to identify company ex- 
perts in various topics and make them 
available to answer questions from 
other employees. 

Employees can query the system 
by keyword to find existing answers 
that might match their questions. If 
they still aren’t satisfied, the system 
also offers a searchable list of subject- 
matter experts who can answer ques- 
tions via e-mail. 

“The question might be, ‘How do I 
go about investigating this error that 
the client reported?’ They’re usually 


| about a particular part of a process in a 


specific plan,” says Hubert Saint-Onge, 
Clarica’s senior vice president of 
strategic capabilities. 

By querying the system, employees 
can find out exactly what they need to 
know from others who are doing the 
same work. 

The system paid off after Clarica 
acquired Royal Trust Co.’s Canadian 
group retirement business in January 
2001. Suddenly, there were 200 new 
employees who had to learn to use 
Clarica’s technology and methods 
while administering corporate pension 
plans, which tend to be very complex. 

“We estimated they would need 
three months of full-time training,” 
Saint-Onge says. Because of its knowl- 
edge management system, however, 
the company was able to cut its train- 
ing time by two-thirds. 

Results like these are why internal 


communities like InTouch are the 


fastest-growing area of online commu- 
nities, according to Jim Cashel, editor 
of “Online Community Report,” an 
industry electronic newsletter based 
in Alexandria, Va. 

Because of financial constraints, 
many companies are scaling back their 
external customer communities, 
Cashel says. But some of these same 
companies are investing further in 
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Community Chest 


COMPANY: SchlumbergerSema 


ONLINE COMMUNITY: InTouch, a 
database of information from subject- 
matter experts that can be drawn upon 
by field staffers. 


PAYBACK: InTouch has reduced the time 
to resolve technical questions by 95% 
during the past 18 months and has saved 
SchlumbergerSema more than $150 mil- 
lion annually, after factoring in the $50 mil- 
lion per year it costs to operate the system. 


COMPANY: Ciarica Life Insurance 


ONLINE COMMUNITY: System based on 
software from AskMe that helps employ- 
ees identify co-workers with subject- 
matter expertise and use keyword search- 
es to find answers to their questions. 


PAYBACK: After Clarica acquired Royal 
Trust's Canadian group retirement busi- 
ness in January 2001, the training of 200 
new employees was expected to take three 
months; the online community helped pare 
the training time to one month. 


COMPANY: Oak Brook, Iil.-based Ace 
Hardware Corp.'s stores and affiliates 


ONLINE COMMUNITY: A system that 
helps connect commercial and industrial 
dealers at 300 locations. 


PAYBACK: Helps Ace affiliates find 
supplies quickly through other dealers. 


their internal employee communities 
because the benefits to the bottom line 
are hard to ignore. 

“Internal communities are generally 
easy to justify financially,” Cashel says. D 
Zetlin is a business technology writer in 
Woodstock, N.Y. 


COMMUNITY CHEST 


To read more about the secrets to creating a successful 
online community, go to: 


QuickLink: 30118 
www.computerworld.com 





Smart companies like SchlumbergerSema are taking online 
communities beyond their traditional limits and using them to 
tap employees intellectual capital. By Minda Zetlin 
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Word on the Street: 
Migrate to Linux. 


On Wall Street, technology performance means money. That's why Red Hat® Linux® 


and Compaq ProLiant™ servers quietly power many of the world’s top financial firms. 


No wonder. Linux is open source. You can see the code. You stay in control. 


And you won't get trapped again by proprietary technology. 
Red Hat Linux Advanced Server is the enterprise platform for UNIX to Linux 
migration. Scalable performance. Stabilized releases. Support from top software 


vendors you already use. 


Red Hat and Compag — enterprise-ready, no matter what street you're on. 
Go to www.redhat.com/explore/thestreet 


compaq =@ redhat 
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BRIEFS 


Virginia Vendor Wins $100M 
Contract for Senate Support 


Officially, it's not an outsourcing contract, but 
an agreement announced last week by the 
U.S. Senate with Signal Corp. has some of the 
features of one. Under the five-year deal, val- 
ued at about $100 million, Fairfax, Va.-based 
Signal will be responsible for help desk sup- 
port of about 9,000 PCs, plus IT installation, 
maintenance and acquisition for senators’ 
Capitol Hill offices and for 450 home-state of- 
fices. However, the Senate maintains equip- 
ment ownership, and each senator has a sys- 
tems administrator on his staff. 


SAE TT TE, RMN TC TERE  B  E 
Poll Sees Gains in IT Hiring 
ClOs forecast a 13% net increase in IT hiring 
in the third quarter of this year, with the 
strongest gains expected in the South Atlantic 
and the Pacific Coast regions, according to a 
survey conducted by RHI Consulting in Menlo 
Park, Calif. The number is up about 3% from 
RHI's second-quarter outlook. The national 
survey of more than 1,400 CiOs found that 
while an overwhelming 80% expect no 
change in hiring activity from July through 
September, 16% plan to expand their depart- 
ments, and 3% foresee cutbacks. 


Panel OKs $230M for 

The Senate Commerce, Science and Trans- 
portation Committee last month approved a 
bill that would add more than $230 million 
through 2007 for information security re- 
search in areas such as cryptography, firewall 
technology, emerging threats, and operations 
and contro! systems. The bill has been sent to 


the full Senate, and the U.S. House of Repre- 
sentatives has approved a similar measure. 





Liberty Tax Service Names 
Director of Technology 


Charles E. Kirkpatrick has been appointed di- 
rector of technology at Liberty Tax Service in 
Virginia Beach, Va. He previously worked at 
InfiNet Co. in Norfolk, Va., and Bank of Ameri- | 
ca Corp in Charlotte, N.C. Liberty, which has 
611 offices in Canada and the U.S., specializes | 
in computerized tax preparation, electronic 
filing, and refund anticipation loans. 


BUSINESS 


The ‘Dark Side’ 
Of Leadership 





Beware of the forces that will try to neutralize your 
effectiveness, says Harvard University professor 





To lead is to live dangerously, and lead- 
ers who ignore the danger can find 
themselves taken down, write Ronald A. 
Heifetz and Marty Linsky in this month’s 
issue of the Harvard Busi- 


| ness Review. The authors, 
| who teach leadership at the 


John F. Kennedy School of 


| Government at Harvard 


University, adapted the arti- 

cle from their new book, 

Leadership on the Line: 

Staying Alive Through the 

Dangers of Leading (Har- 

vard Business School Press, 2002). 
Heifetz talked with Computerworld’s 

Kathleen Melymuka about the perils of 

steering your organization through 


| change. 


Q: What's the “dark side” of leadership? 


| A: It’s the danger, and the danger is a 


product of the real or feared losses that 
frequently accompany change. 


Q: So to the extent that | champion change, 


| 'mindanger? 


A: Yes. When you ask people to devel- 
op competencies they currently don’t 
have, you're asking them to go through 


| a period of incompetence, and the loss 
| of competence is a terrible thing, espe- | 
| cially in IT. 


Depending on how proud they are 
of their competence and how much 
learning they may need to do to devel- 


| Op new competence, they may fight 
| quite ferociously against the validity of | 
| ment that doesn’t get used 
| properly. 


your initiative — and frequently in 


| ways that will endanger your efforts 
| and you personally. 


| Q: What do you mean endanger me 


personally? 


| A: Rarely do I mean physical danger, 


though on occasions we have seen 


| someone go berserk. In the vast major- | 
| resistance really about? What are the 
one’s reputation, career or institutional | 


| credibility. 


ity of situations, the dangers are to 


Q: Where does this danger come from? 


| A: You can find yourself “marginalized” 


| focusing only on the techni- 





| But that’s easier said than done. 


— suddenly no longer in the loop, and 

people are not asking for your opinion. 

There’s out-and-out attack. People can 

begin to take you on face to face in 
meetings in a way that re- 
duces your credibility. Or 
your own people may se- 
duce you by pushing you 
out on a limb to champion 
their perspectives without 
appreciating how much in- 
terference you're going to 
run into. 

You find yourself more 
and more isolated because you're not 
listening to others in the organization. 
It’s seductive because it makes you feel 
heroic, and you don’t discover till 
you're on the slippery slope that your 
credibility is eroded. 

Or people will divert you from the 
tough issues. In IT, they may have you 





focus on the technical dimensions 
rather than the adaptive di- 
mensions of the change IT is 
implementing. 


Q: What are the adaptive dimen- 
sions? 


| A: That’s the degree to which 
| people’s ways of working 


have to change beyond sim- 
ply implementing the hard- 
ware or software system. 
You can be diverted to be 


cal aspect so you end up 
with this wonderful equip- 
the loop. 


Q: One survival tactic you mention is to 


maintain perspective in the midst of action. 
A: It’s not easy. You need a set of basic 
questions to ask in the midst of action: 
“What are the real stakes? What is this 


| 
| 
losses involved? What are the adaptive 
aspects of this challenge, in addition to | 


| the technical aspects?” Those will help 
you reflect. You also need allies and 


confidants to pull you by the collar and 


RONALD A. 
HEIFETZ says to 
beware of finding 
yourself “marginal- 
ized” and out of 
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say, “Let’s look at what went wrong 
and what went right.” 


Q: Another tactic is to acknowledge your 
own responsibility for the status quo. Why is 
that important? 

A: First, because you can then begin to 
correct how you're contributing, and 
because you will have more credibility 
in getting people to take losses [and] 
generate a new competence if you can 
talk about how you’re going to have to 
generate a new competence too. 

One of the big problems of adaptive 
change is to bring along the uncommit- 
ted, and your credibility among the un- 
committed will rest on several factors. 
Key among them is your ability to own 
up to your piece of the mess and to 
model the reflection and learning 
you’re asking of them. 


Q: I like the idea of “cooking the conflict.” 
Can you talk about how that can help a 
leader survive? 

A: Getting people to tackle tough prob- 
lems generates conflict, so leadership 
has a lot to do with cooking the con- 


| flict. By that I mean creating a contain- 


ing vessel — structures and processes, 

like meetings or a task force — to bring 

together key parties with different 

vested interests and orchestrate 

conflict. 

The trick for you is not to be a 

source of conflict; be the person point- 
ing at it and structuring the 
process to deal with it. Let a 
variety of advocates work the 
issue. 


Q: You say it’s important to en- 
gage others by not trying to solve 
all the problems yourself. But 
isn’t there a danger of looking 
weak or indecisive? 
A: Yes, there is that problem. 
To maintain credibility, you 
also have to display your au- 
thoritative expertise in all the 
situations for which a techni- 
cal remedy is possible. 

But in adaptive challenges, 
you can’t provide an authoritative so- 
lution, because the solution lies in 


| changing peop!e’s behaviors. If they 
| don’t change, there is no solution. 

| [They need to] grapple with the is- 
| sues and internalize the need for 

| change. D 


FOR FURTHER REVIEW 


Read the last three discussions with Harvard 
Business Review authors: 


e QuickLink: 29371, 28383, 27714 
www.computerworld.com 
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Dear Career Adviser: 


Dear Facts: 

If you’re interested in ana- 
lyzing DNA to solve violent 
crimes or unraveling Enron 
Corp.’s financial woes, there 
are essentially two types of 
computer-related career 
tracks, says Susan Narveson, 
president of the Largo, Fla.- 
based American Society of 
Crime Laboratory Directors 
(ASCLD Inc.) and administra- 
tor of the Laboratory Services 
Bureau for the Phoenix Police 
Department. 

In computer forensics, an 





I have been in the criminal justice profession for 14 years 
and want to develop a career in computer forensics. I’m 
computer-proficient and have taken a few computer 
forensics courses. What specific coursework and experi- 
ence are required to work in this field, and what are the 
job opportunities? 


— JUST THE FACTS, MA’AM 


individual examines confiscat- 
ed computers, disks and data. 
The other option is a career in 
computer systems manage- 
ment for crime laboratories 

Computer forensics work 
typically involves tasks such 
as reconstructing data for in- 
vestigators who want to use it 
to link suspects to criminal ac- 
tivity. In this case, you would 
need an extensive background 
in all computer operating sys- 
tems, including models and 
systems no longer in use, plus 
training in the methods used 
by criminals to hide data. 


Alternatively, working in 





crime laboratory systems 
management might involve 
working with databases such 
as the National Integrated 
Ballistics Information Net- 
work and the Integrated Auto- 
mated Fingerprint Identifica- 
tion System, as well as the 
Laboratory Information Man- 
agement System. Both areas 
require a computer science 
degree. Laboratory manage- 
ment jobs may also require a 
degree in a physical science 


| such as chemistry. 


Computer forensics jobs are 





WORKSTYLES 


Unlimited Outlook 


Monika Foy, applications 
manager at Limited Technol- 
ogy Services (LTS), the IT 
arm of The Limited Inc., talks 
about the stress and rewards 
involved in developing sys- 
tems for the clothing and per- 
sonal products retailer. 


What are the most critical sys- 
tems supported by your depart- 
ment? “There are three silos 
within LTS. The area I am 
under is development, and 
there’s also support and the 
ETO [enterprise technology 
operations] group, who are 
the hardware and software 
experts. My group supports 
data warehousing. The data 
warehouse effort has been 
going on for five years, and 


: we're dedicated to one 
: brand at a time. Once we’re 


finished, we transfer the 


: day-to-day support to the 
: LTS umbrella.” 


: How would you describe the 

: pace of the work? “It’s very 

: intense. My team has been 

: together for the last two 

: and a half years, and we're 

? looking forward to a nice 

i summer, because there’s 

: been quite abit of overtime 
: and a lot of stress. This sum- ; 
: mer isthe first opportunity : 
: in a long time where I see 

: downtime for the team.” 


How would you describe the 
: overall culture of IT at your 
: company? “I consider LTS to 


: be energetic, diverse, innova- : 
: tive and smart. My team it- 

: self is like a basketball team. 
? They’ve figured out each 

: other’s strengths and weak- 
: nesses. Everyone knows 

: who's strong at what.” 


: your IT department have with 


: business users? “It’s constant. : 
: In fact, when we work on 


Limited Technology 


Services 


Who they are: The technology arm of 
retailer The Limited Inc., whose brands in- 
clude Express, Victoria's Secret and Bath 
& Body Works 


Main location: Columbus, Ohio 
Number of IT employees: 750 
Interviewee: Monika Foy, applications 


manager 


_ What do you like best about 
: how career advancement and 
: training are handled at your 


: The Limited, I have seen 


usually in the 
public sector. 

A criminologist 
with a systems 
background might 
start at $36,000 
per year, rising to 
around $80,000 as 
a manager, notes 
Narveson. 

Pay appears to 
be rising as this 
field moves to- 
ward formal ac- 
creditation. The 
American Acade- 
my of Forensic 
Sciences in Colorado Springs 
(www.aafs.org/Education/ 
schools].htm) has information 
about undergraduate, graduate 
and doctoral criminal justice/ 
forensic science programs. 


Dear Career Adviser: 


I'm a software engineer who 
moved into product manage- 
ment in the wireless arena. Af- 
ter two and a half years as a 
product manager in a shaky sit- 
uation, I began to look for a 
new position. 

When I received an offer for 
a new job, I gave two weeks’ 


projects together, we hold 


company? “Since I started at 


FRAN QuiTTEL is an expert 
in high-tech careers and 
recruitment. Send 
questions to her at 
www.computerworld.com/ 
career_adviser. 
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notice and was told 
to leave that day. 

I would have 
been able to work 
for the next two 
weeks and want 
my pay plus posi- 
tive references in 
the future. 

The company’s 
position is that it’s 
an “at will” compa- 
ny and that it owes 
me nothing. 

— ESCORTED OUT 


Dear Escorted: 


Your employer may be an 
at-will company, but more 
depends on whether it has a 
two-week resignation notice 
policy specifically written 
into its employee handbook, 
explains Tina Duccini, a hu- 
man resources consultant in 
Napa, Calif. 

Although some companies 
might give you two weeks’ pay 
to retain your goodwill with- 
out a written policy, she says, 
they are really under no oblig- 
ation to do so, and many will 
walk you out the door when 
you announce you're leaving. DB 


; many facets of each of our 
: daily status meetings, where : 
i we get together with key : 
: users for half an hour to dis- : 
: cuss issues, status and the 
; overall timeline.” 


brands and the technology 


: that supports them. As we go 


from one data warehouse to 


: another, we also move from 
? apparel to personal prod- 

: ucts. It’s a very different 

? product with different busi- 
i ness characteristics.” 


What aspect of work do you 
: look forward to each day? 


i “I absolutely adore my team. 


: That really motivates me to 

: walk in the door every morn- 
i ing. It’s a good environment, 

? even when it’s stressful, and 

: we know how to let off steam 
: and have a good time.” 


: What aspect do you dread each 
: day? “The stress. It’s the 


: work/life balance that I need 


i to stay on top of. I can get 
i carried away.” 


- Mary Brandel 
brandels@attbi.com 
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Spending More money won't guarantee database performance. A smarter storage strategy will. 


Buying more hardware is the only way to cope with a sluggish database, right? Not in this economy. Here’s 
a smarter idea—Active Archive™ Solutions from Princeton Softech. Active Archive slims down overioaded 
databases by setting aside infrequently used data. Yet keeps the data “active” and referentially intact so 
you can browse and restore whenever you want. All without spending a fortune on more upgrades. To learn 


more, call 800.457.7060 or visit www.storesmarter.com. 
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Store Smarter 


You're an IT professional, not an Internet traffic controller. 


Sick of saying “no” to co-workers’ online access requests? Let Websense Enterprise Web filtering software handle your Internet 


traffic control duties. Our customizable features save time and headaches. Whether you need to serve 50 or 50,000 users, 
manage Internet access by individual or group, or enable surfing at lunch or after hours, Websense gives you options. 

All in an easy-to-install and implement solution. Get the Web filtering software tested and trusted by more than half the 
Fortune 500. And put away that orange vest for good. — 

\ WJEBSENSE. 


Stop by www.websense.com today for your free, fully functional 30-day trial. EMPLOYEE INTERNET MANAGEMENT 


NASDAQ: WBSN 
WEBSENSE INTEGRATES WITH LEADING INFRASTRUCTURE SOLUTIONS SUCH AS: 


g is 


Cisco Systems is ae ' 
> Verified (CHECK PoINT AchePbux in, kit eomnd Microsoft NetworkAppliance’ NETS CREEN- 
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THE RIGHT PRICE 


Revenue optimization technol- 
ogy can help set prices for maxi- 
mum profitability, but the tools 
and processes require training 
and historical transaction data 
to deliver results. PAGE 48 


EMERGING 
TECHNOLOGIES 


New disk-based backup systems 
designed around inexpensive Ad- 
vanced Technology Attachment 
drive arrays promise faster backup 
and recovery times at prices com- 
petitive with those for tape. PAGE 52 


QUICKSTUDY 


Replication is the process of mak- 
ing duplicate copies of enterprise 
data, either at the application or 
storage level, for content distribu- 
tion, disaster recovery or other 
business needs. Learn more in this 
week’s primer. PAGE 54 


Security manager Vince Tuesday 
discovers that cutting remote- 
access costs while maintaining 
security standards is no easy task, 
but it’s a necessary one in the cur- 
rent business climate. PAGE 56 


TECHNOLOGY = 


NICHOLAS PETRELEY 


mention for two reasons. 


First, it’s still an outstanding language with a lot of 
performance-enhancing options available, such as the 
Perl module for the Apache Web server. Second, the 
temptation to share my personal view of the language 
was far too great. Put it this way: If you toss a bunch 
of monkeys into a roomful of typewriters, the chances 
of them accidentally producing the complete works 
of Shakespeare are effectively nil. The chances of 
them producing a working Perl program, however, 
are actually good. In short, it may be a great language, 
but I don’t have to like the way the code looks. 

PHP (www.php.net), also known as Hypertext Pre- 
processor (So why isn’t it HPP? Go figure.), is the C 
and C++ of server-side scripting languages. It’s a 
C-like procedural language when you want it to be, 
and object-oriented when you prefer C++. And it 
integrates directly into HTML when you want your 
code to be entirely unreadable. 

I’ve been using and modifying two open-source 
PHP Web applications for a couple years now with 
a great deal of success for my nonprofit sites Var- 
Linux.org and Petreley.org. The first PHP project 
I used was the weblog software PHP-Nuke Version 
4.4.1. This version began as a classic example of 
sloppy programming, and I confess my 
additions haven’t improved it much. FUD- 
forum, on the other hand, is a much more 
carefully crafted piece of work from start 
to finish. If you are in the market for high- 
quality discussion forum software and will 
consider deploying it as a PHP program, 
this is the open-source project to beat. 

A list of server-side Web application lan- 
guages wouldn’t be complete without 
mentioning Python (www.python.org). 
When it comes to languages, I actually 
prefer Python to Java or PHP. Its esoteric 
use of white space tends to freak out some 





NICHOLAS PETRELEY is a 
computer consultant and 
author in Hayward, Calif. 

He can be reached at 

nicholas@petreley.com. 


Unsung Alternatives 


COUPLE WEEKS AGO, I wrote about Qt, the multiplatform 
C++ user interface tool kit by Trolltech (www.trolltech.com), 
as a possible alternative to Java for building platform-inde- 
pendent end-user applications. I would like to recommend a 
few more unsung alternative technologies this week, with the 
focus this go-around on Web programming languages. 
First up is the tried-and-true Perl. The Web once ran on Perl, so I hesi- 
tated at first to include it in a list of unsung alternatives. But Perl deserves 


programmers, however. The only way to write a 
proper Python program is to indent the code proper- 
ly with the tab key or space bar. 

Don’t even think about experimenting with Python 
for Web applications until you’ve visited the Web- 
ware for Python site (http:/Awebware.sourceforge.net). 
Uniess there’s some other Python project out there 
I’ve missed, this is the definitive means of combin- 
ing Python with the Web. 

The only problem with Webware for Python is that 
it isn’t terribly well documented, so you may find it 
a bit difficult to get running at first. But if you’re a 
Python fan, you'll find it well worth the effort. The 
sample programs, while primitive, provide good 
examples of how to use Python objects to use parti- 
tioning to separate the look and feel of your Web 
application from the business logic and data. 

I should also mention another object-oriented lan- 
guage, called Ruby (www.ruby-lang.org). I know next 
to nothing about this language, but it’s worth listing 
here just to avoid the dozen e-mails I'd get from Ruby 
fans who feel obliged to let me know I neglected to 
mention it. It must have a bit of a following, because 
there is a module available for running Ruby pro- 
grams directly from the Apache Web 
server. Then again, there seems to be an 
Apache module for just about every lan- 
guage, including Tcl and LISP. Well, it’s 
not entirely bad. I’m not aware of any 
Apache modules that support Fortran, 
Cobol or GW-Basic, but no doubt some- 
one will send me a Web address to prove 
one exists. 

If you truly believe in using the right 
tool for the job, it pays to explore op- 
tions other than Active Server Pages, 
Java Server Pages, .Net and J2EE. I hope 
these suggestions will get you started. D 
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Revenue optimization tools can give profitability 
aboost, but success depends on training and 


data integration. 


OOKING TO NAVIGATE its way 

to maximum profitability, 

Continental Airlines Inc.’s 

cargo division has turned to 

software automation to hold 
the line on profit and get the most cash 
possible from its aircraft freight com- 
partments. 

The group uses a customized soft- 
ware package from Rockville, Md.- 
based Manugistics Inc. to ensure that it 
sells all available freight space at the 
most profitable price. During the past 
two years, the application, which the 
airline has dubbed CargoProf, has 
saved the company roughly $9 million 
by making freight bookings more effi- 
cient, says Ed O’Meara, director of car- 





go revenue management at the Hous- 
ton-based airline. 

“It forecasts cargo capacity, and it 
then nightly sets an optimal value on 
what we need,” he says. “It creates the 
threshold of value we need when tak- 
ing bookings, vs. available capacity.” 

Continental is just one of many com- 
panies that have begun applying ana- 
lytic software to systematically arrive 
at the right price for the right cus- 
tomer. The factors the software takes 
into account vary by industry. 

The new system at Continental lets 
booking agents forward freight order 
requests for reservations on a given 
flight, says O’Meara. The legacy reser- 
vation system captures order data such 


as a shipment’s weight, dimensions 
and contract price and forwards the 
data to CargoProf. The software 
checks available capacity in the air- 
plane’s bays, taking into account both 
the weight and size of the cargo, and 
compares it against a preset pricing 
model. It then adds several other vari- 
ables, such as expected passenger bag- 
gage and even extra fuel requirements 
based on seasonal factors, before 
crunching the numbers. CargoProf 
then either accepts the reservation at 
the customer’s contract price or rejects 
it if taking on the shipment isn’t cost- 
efficient. 

If it rejects the order for one flight, 
CargoProf can also check to see whether 
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an upcoming flight could profitably 
carry the cargo. In addition, CargoProf 
can handle incremental price changes 
for rush shipments. 

O’Meara says the installation was a 
bit of a challenge but adds, “We didn’t 
have as much trouble with the applica- 
tion as the process changes we had to 
undergo to use the system effectively.” 

Training users on navigating and us- 
ing the complex system was also a big 
undertaking. For example, Continen- 
tal’s capacity management team had to 
learn how to override the capacity 
forecast on a certain flight due to un- 
expected head winds, which would re- 
quire greater fuel load, says O’Meara. 

He cites other examples of the 
teaching challenge. For instance, Con- 
tinental had to train cargo reservations 
agents to get enough information when 
taking orders. Training won’t help un- 
less the users understand the underly- 
ing business processes, and that often 
requires specialists. 


A Tool Box Approach 


These revenue optimization tech- 
niques are less a set of products than 
an approach that uses analytical 
tools in order to get as much of the 
price of a product or service into a 
company’s pocket as possible, says 
Kevin O’Marah, an analyst at Boston- 
based AMR Research Inc. The ap- 
proach requires special training and 
integration work, but after this is done, 
say users, companies are able to re- 
spond to changes in the marketplace 
with greater agility. 

There are different ways to deploy 
revenue optimization tools, O’Marah 
says. For instance, they may help in de- 
termining the right selling price for an 
item, in figuring out how to offer dis- 
counts or in deciding what to charge a 
given customer for an airline seat. The 
market is based on what O’Marah calls 
“pricing along the demand curve,” 
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WHEN YOU’RE DOWN, 
YOU’RE OUT. 





Network Appliance makes backup and recovery 
simple... and faster than ever before. 


The NetApp’ NearStore”™ solution Now more than ever, your business 
works with your existing backup relies on information access. and 
infrastructure to provide easier protection. You can rely on Network 
backup and faster recovery of your Appliance to deliver the nearline 
business-critical information. All at storage solution that will keep your 
a total cost of ownership that will network up and*running 
astound you 

\ Find out how NearStore is making 


www.netapp.com/fast/recovery 


business continuance simple. Visit (ey 


NetworkAppliance’. 
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uman Factors in Global 
Contingency Planning 


A User/M unagement Perspective 


But people are more effective with 
resources 
@ Planning and 


recovery teams more options, enhanc 


testing give 
ing their chances of success 

@ Adequate resources ensure that 
plans can be properly executed and 


also help teams respond quickly to 
events that are 
Excerpted from 
Tg 
ag gy eh le 
ae RSC) 


and Evan Marcus 


unexpected 

@ Support 
allows recovery 
teams to concen 
trate on the tasks 
at hand 

[his paper discusses the forma 
tion pre paration ind support ot 
recovery teams from the standpoint 


of the people who comprise them 


er 
nized groups of peopl 
ally fix problems caused by disast 
Recovery team members are th 
ple who actually have the w 
in their hands and the keyboat 
their fingertips. They are the individ 
uals who must perform under inter 
pressure during a stressful recovery 
Naturally, the success of a r 
team is directly related to th 
ties of the members. Too often 
C recovery teams are popula 
junior staff members or by 
ed staff members. TI fects of st of d time 
for disaster 


short-sis best candidate 


during a disaster, as minutes recovery teams might be character 


and management calculates the c 1 as thought leaders in the r: 
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people that everyone goes to with 
day-to-day problems. These people 
typically understand the enterprise's 
systems, and can usually fix small 
problems quickly and with an eye 
toward the ramifications of their 
actions 

Not only are these thought leaders 
the enterprise’s most knowledgeable 
and capable members, they also tend 
to be trusted, confident, able to cor 
rect their own mistakes and dedicat 
ed to the success of the enterprise 
Table | lists additional characteristics 
of ideal disaster recovery team mem 
bers, as well as some characteristics 
that should be avoided during team 


selection 


Practice Makes Perfect 


Enterprise resiliency is expensive 
both financially and in human terms 
In order for an enterprise to be 
resilient, its executive management 
team must invest the time and 


of the most valuable staft 


of some 
members in preparedness. Not only 
must these valued employees be 
trained in recovery techniques, they 
must also practice disaster recovery 
regularly 

The objective in testing a disaster 
recovery plan is to learn what doesn't 
work. It is better to find problems 
during a test rather than in a time of 
disaster. Experienced staff membet 
are most appropriate for conducting 


tests because they are the best able to 


recognize flaws in the plan 


Supporting the Recovery Team 


The work of recovery teams is an 


enterprise's critical path to disaster 
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Table 1: Disaster Recovery Team Member Characteristics 


eR roel aC) 
lulls me OUT le lacie hd aon 


Considered expert by peers 
Considered a go-to person for 
problems and questions 

Works well under pressure 
Confident 

Understands how parts of the 
enterprise interact 

Committed to the success of the 
enterpris« 

[rusted by managers and peers 
\ble to manage and prioritize 
but also to take direction 
Willing to fix problems create: 


by others 


recovery Recovery teams must be 


Yr 


1 1 | 
ible to focus on their work. Providing 


i single tocal point for status report 


le 
helps meet that requirement 
Other actions that tend to streamline 
a recovery team’s work should be 
idopted is Well. For exampk if desk 
top computers more powerful than 
the enterprise norm would speed 
recovery, an investment in the more 
powerful PCs would be money well 

If executive management 

es could circumvent depart 
mental bureaucracy 


those directives 


] 

should automatically follow a disas 

= 
ter aeclaration 

Recovery teams 
given the best possible operational 
ind logistical s ipport. Prompt, effec 
tive fulfillment of simple roles, such 


issistant or note taker 


st ectiveness of 


| 


academe. Vue) 


Hands off manager who doesn't 
actually work on systems 

New to the organization or unfa 
miliar with its systems 

Narrow focus (lack of concern 
for other enterprise functions) 
Tendency to err under pressure 
Not adaptable 

Lacking a sense of urgency about 
disaster recovery 

Tendency to assess blame rather 


than working on problem 


skilled recovery team members 
\ssistants can fill basic needs (there 
can never be too much food, caffeine 
or water at a recovery site), or assist 


with liaison to other 


functional 
teams. Note takers maintain the all 
| 


important timeline record require 


ments and events as they occur 
remind team members of upcoming 
events, and even act as team spokes 

people to the enterprise 
Complete support teams also help 
streamline recovery. For example, a 
group of technicians charged with 
verifying the work of a recovery team 
not only relieves the team of that task 
but also provides independent quali 
ty assurance. As another example, the 
s network and desktop 


support teams can relieve recovery 


teams trom having 


to provide thelr 


own technical support. Any support 
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that enhances a recovery team 
ty to focus on its core 


recoverability 


Management Structure 
The Disaster Recovery Chain of Command 


In recent years, disaster recover 


professionals have favor 


The Executive Role 


ly t r 
isaster 


Never Forget Murphy's Law 


A company tested its disaster 
recovery plan regularly, but took some 
shortcuts. Disasters were simulated on 
Wednesdays because Tuesday night 
was full backup night Recoveries didn't 
have to deal with incremental backup 
tapes. Backup tapes were shipped to 
the recovery site beforehand so 
restores could actually begin before 
the simulated disaster. Personnel from 
all shifts were on hand to support the 
recovery and to learn from their col- 
leagues. 

One Friday night, the CIO marched 
into the data center and ordered an 
immediate disaster declaration. The 
first problem was that nobody knew 
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who was authorized to declare a disas- 
ter. When the recovery site was finally 
convinced to stage a recovery, the site 
manager learned that his night staff 
didn't know how to restore incremental 
backups. Worse yet, there was no con- 
tact information for the more experi- 
enced prime shift operators. 
Fortunately, the ClO was a sensible 
person, and didn't conduct mass fir- 
ings. But the lesson was learned. 
Disaster recovery plans should be 
relentiessly probed for shortcomings, 
using Murphy's Law as a guideline. If 
something can go wrong, it will. 
~Andy Bonomo 
VERITAS System Engineer 


aie 





Whatever the chain of command 


idopted for disaster recovery, it is 
important that both the recovery plan 
ind the enterprise’s day-to-day 
behavior reinforce the principle that 
once a disaster has been declared, the 
recovery chain of command is in 
1 ' 
charge, and significant decisions 
must be made through it. (This is onc 
reason why it is so important for an 
organization to have a formal process 
for declaring a disaster) 

If leadership during disaster 

recovery differs from normal organi 

tional lines, a pro tempore recovery 
organization chart should be pub 
lished as part of the recovery plan. It 

' ' 

should be clear to the entire organiza 
tion that the recovery organization 
will be in effect from the time of a 
| lar r ] } 
declaration until the event manag: 


ment team stands down 


How Disasters Affect People 


The rapid traumatic change that 


results from disasters affects peopl 
both as individuals and as group 
members in unpredictable way 

Disaster may bring out the best it 
them, as with soldiers who becom 
heroes in battle, or as with ordinary 
people who emerge as leaders in a cri 
sis. Disaster may also devastate peo 
ple and make them unable to function 


effectively 


dramatica 


3 ‘ 
within a short time. A big part ol 


recovery team’s responsibility is deal 


ing effectively with the issues of being 


human 
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An Ounce of Prevention 


The data center of a nationwide 
retailer that relies on its enterprise 
network to conduct business was 
struck by a hurricane. The main server 
room lost power and was flooded. The 
(apparently adequate) recovery plan 
specified that a particular administra- 
tor was responsible for recovering the 
server room. When the emergency 
management team finally located the 
administrator, he said, “Sorry, the roof 
of my house blew off and my family is 
homeless. We're leaving the state. I'll 


Personal and Family Requirements 


Psychologist Abrahi 


Maslow 


identified a hierar 


} } 
ind social sroup interaction, and on 


I 
(a sell-motiva 


call in @ few days.” 

must be an integral part of a disaster 
recovery plan. Had this company 
planned for the possibility of such a 
accommodations for this key employee 
and his family might have been pre- 
arranged, which would have allowed 

him to help with the recovery. 
~ Bill Weston 
Master Business 
Continuity Professional 


that recovery teams and other affect 


d staff members will attend to their 
recovery, support ind management 
PI 


rol 
les 


Not only must recovery plans pro 


vide for key staff members’ personal 


ind family needs, people must be 
iware that their personal needs 
during a recovery 

1ay simply disap 

like the admin 
An Ounce ol 

ention”). Recov eam mem 


rs should be made to feel that the 


enterprise cares about them and their 


nd food to a 


families, either 
lves or in cooperation with 
wuthorities. In such cases 


resources professionals 
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should be available to help negotiate 
access to medical care using, food 
day care, and other necessities. If 
recovery team members see that these 
measures are in place, they are more 
likely to concentrate on enterprise 


recovery 


Dealing with Disappearance 


Many uncontrollable factors 


including death, personal injury 
transportation system failure, and 
personal considerations such those 
scussed in the preceding section 
prevent recovery team members 
being available when t 
most needed. Even the most complete 
recovery plan can fail if key recovery 
team members are not present to exe 
cute their parts. If during a disaster 
team member fails to ap 
expected without explanation, two 
things must be done absolutely as 
soon as possible 
@ Efforts must be made to locate 
the missing team member, preferably 
by non-team members ler team 
members will naturally be concerned 
for missing colleague, and be dis 
tracted from the tasks at hand 
Knowing that efforts are being made 
to locate the missing team member 
in alleviate that concern 
@ A substitute for the missir 
team member must be identified so 


recovery can proceed on schedule 
The best substitutes are obviously 
individuals within the enterprise 
with similar skills and knowledge 
Basic or generic skills can be obtained 
through contracts with agencies or 
individuals. Recovery plans should 


provide for replacing key individuals, 
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Until basic 
~ met, people won't faa 


as Well as contain sources for tempo 
contract labor to meet 


uoreseen requirements 


Demotivation 


Recovering from a disaster can be 
werwheln s TH i yeven 
overwhelming. [he unforeseen events 
that inevitably complicate any recov 

lead to personal { ration 
ind loss of mot I the 


recovery through to completion \ 


recovery team can do several things to 
ninimize demotivation, both within 
the team and across the enterprise 

@ Frequent testing. People are 


more comfortable familiar situa 


tions, particularly during stressful 
times. If a team has practiced its 
recovery plan several times before an 
actual disaster, team members can 
more easily visualize the recovery 
goal, and therefore they will not be 
overwhelmed by intermediate tasks 
The confidence that comes from fre 
quent testing can actually result in 
excitement. Even though no one 
wishes for a disaster to happen, it can 
be exciting for a recovery team to see 
a well-tested plan actually work in a 
real situation for the benefit of the 
enterprise 

@ Effective eve management 
Following solid event management 
guidelines can also reduce demotiva 
tion. When a recovery : pears or; 
ized, and each functional team un 
stands its role, individuals and teams 
ire less likely to feel overwhelmed 
Such guidelines typically follow two 
ixioms that also help minimize 
demotivation: (1) focus on advancing 
the recovery, not on problem 
encountered, and, (2) focus on mini 
mizing damage through solid team 


work rather than being concerned 


A 
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rr ent inte 


ibout placing blame or attacking the 
guilty 
in spite of everything, teams 

n to exhibit signs of demotiva 
tion, several things can be done to lift 
their spirits. Executive visits and 
messages prais 
are immensely rew 
Broadcasting notice of succe 
matter how small, can also enc 
teams that are having difficulty 

Very rarely do recovery teams 
become demotivated because they 
have lost sight of the importance of 
their task. Reminding them how 
important their t is or explaining 
the ramifications of failure does not 
help 

Teams usually become demotivat 


ed because they are « whelmed and 


continue to face setbacks. In order to 
re-motivate them, find ways to relieve 
the feeli 

Bringing 

resources 

interme 

other team solve 

are all great ways to re-energi 


team that’s feeling down 
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Recovery Teams and Stress 


Stress is an integral part of mod 
ern life; indeed, moderate stress is 
healthy and invigorating. But too 
much stress, as can occur when a 
recovery team is dealing with a disas 

can become counterproductive 
and damaging. Close adherence to 
well-documented event management 
practices can mitigate stress during 
disaster recovery. Freedom from per 
sonal concerns among recovery team 
members also tends to mitigate 
stress. The more conclusively an 
enterprise demonstrates that it values 
staff members’ well being, the more at 
ease (and therefore focused) recovery 
team members will be. Caring can be 
demonstrated in many ways includ 
ing keeping recovery teams well sup 
ed with food and drinks, regularly 
wcknowledging team mem con 
tributions, and listening to and acting 

Ig gC StIO! 5 

Scheduling teams to work in shifts 
of no more than 12 hours reduces the 
potential for overstress from nout 

show signs of overstress, one 


simply to take a break from 


team members 
1 
recovery task 


stress can build because there is noth 


ing to occupy their minds as they wait 
for the pressure to recommence 
Magazines, books, playing cards, and 
so forth available for use in the recov 
ery facility can distract peo 
momentarily from the pressures of 
recovery 

re directly related, giving 
recovery team members the chance to 
see their work in perspective by shar 
ing information with them can also 
greatly reduce stress. Team managers 
should regularly present the status of 
the overall recovery and discuss how 
each functional team’s work fits into 
it. If roadblocks turn frustration into 
stress, management should assist in 
finding workarounds and additional 
resources that allow teams to return 
to recovery tasks relaxed and with 


renewed encouragement 


Death and Injury 


When a staff member is injured or 
1 in any way related to an enter! 


prise (whether during disaster recov 


Why do disaster recovery 
teams lose motivation? 
Frequently it's because 

they're overwhelmed and 
continue to face major 

setbacks. When that hap- 
pens, they may need 
fresh resources or more 
achievable goals. 
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HP’s Virt s save you money by automating the manual 
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adding storage space and protecting your data—autoratically 
Freeing y valuable IT resources and taking the mystery out of 


efficient data management 


[ Hurry, and request your free copy of the 
HP sal Array: Double Your Operating Efficiency guide 


now, visit www.hp.com/info/virtualarray | 
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ery or not) several situations arise 


that must be handled delicately. First 
and foremost, the enterprise should 


express condolences, and offer the 


victim's family support and assistanc¢ 


with benefits and other issues 


Helping a victim's family is one 
important way for an enterprise to 
show that it cares for its own. Being 


forthcoming with assistance also 


tends to mitigate negative media cov 


erage resulting from the mishap, but 


this should clearly be a secondary 


concern 


Second, the affected staff mem 


ber’s co-workers should be apprised 

of the situation. With injuries, regu 

lar reports on the injured colleague's 
' 

condition can help keep the rest of 

the team’s spirits up. The enterprise 

should establish a means by which 


co-workers can communicate with 


the injured party or family. Enterprise 
gestures such as gifts or flowers 
should ideally be perceived as coming 


from co-workers 


sis councilors should 


help co-workers deal with the trau 
ma. The death should be acknowl 
edged, but shoul 
the enterprise in any way 

For example, alter 


severa 


uttacks 
| 


prises displayed 


Trade Center 
p I S 
picture 

} ! ' r 
names in their disaster recovery sites 
co-workers whi 


order to honor 


had been killed or injured it 


tragedy. It’s importan 


l 
these were not 


encourag 
people to work harder, or to rec 
the enterprise for the sake of the 


en employees Enterprises 


) / HUMAN FACTORS IN GLOBAL CONTINGENCY PLANNING 


honor lost employees, console and 
issist their families, and attend to the 
physical and emotional needs of who 


\ 
ure those still working 


Getting People Back to Work 


Most disasters threaten human 


safety. Hurricanes, fires, floods, work 


place violence, industrial accidents 


r n nc ] | 
terrorism, ice storms, and gas icaks 


ire all events that threaten people's 
physical well 1g. People are natu 
rally reluctant to put themselves back 
in harm's way after escaping once 
en if they are recovery team mem 
xers who are accustomed to disaster 


scenarios. Enterprises 


must 


that their recovery teams 


y teams with enterprise though 


while they conduct recoveries, and 
moreover, must make team members 
el safe 


Convincing People to Work 


Recovery facilities should be and 
feel safe. One Dallas company has a 
major facility close to the airport 

recovery site six miles away 
acceptable for most disasters 
but the site is just a couple of miles 
from the other end of the same airport 
runway. If a plane were to crash into 
the primary facility, most employees 


would not be to report to the 


eager 


recovery site 


Most commercial recovery service 


providers have solid buildings, fenced 


vh | | 
vno understand 


he asked to recover 


rs unple opportunity to practice recoveries in order to 


| develop contid 


porting 


wional structure 


l 
loch 
ina ct 
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properties, locked doors, security 
personnel at all entrances, well fil 


tered HVAC systems, and sophisti 
] 


cated lire suppression systems, along 


with direct lines to local fire, police 
and emergency services. Recovery 
teams feel safe at these locations 
because they are safe. Enterprises 
designing their own recovery facili 
ties should follow these practices as 
well 

Members of the enterprise securi 
ty department should be part of the 
recovery team, to enforce security at 
the recovery site. Security personnel 
] 


should be more visible than usual 


verifying identification at check 
points and looking for potential secu 


his kind of activity is 


rity problems. 1 
often regarded as intrusive in normal 
times, but can actually make people 
feel more at ease and secure during 
disaster recovery 
In some disasters, housin 

ery team members in nea 
can be important for safety and com 
fort as well. Recovery team members 
tend to be more comfortable if housed 
with their colleagues in a secure hotel 
a short shuttle ride from the recove 

han they would feel driving 
home each day. If circumstances per 
mit, team members should have the 
option of staying in a nearby hotel 
(with their families) or staying at 
home and commuting — whichever is 


r tahle for 
more comfortable for 


People: The Most Important Asset 


This paper began by pointing out 
ul other elements of disaster 


1 n 
recovery simply serve to allow people 


to restore enterprise operations uter 


WumMan 


ADVERTISING SUPPLEMENT 


MCT ete ge sit a ae lad MSM ET Rema] 


\lleviate recovery team workloads with support personnel and other time 


saving resources 


l l 
Organize communications so that team members have only one person to 


uMs as necessary to maintain smooth recovery | 

et people do what they do best. Executives should make strategic deci 
. 1 

sions; line managers should coordinate resources and make tactical deci 


sions, technicians should fix problems 


nsure that team leaders are sensitive to team members’ personal needs and 


resources that the enterprise has put in place to meet them 


that team members’ families are cared for if the disaster affects them 


Locate missing tean 


whereabouts 


] tr | mar y sent pr y r n 
ollow the established event management process during every event 


ment to reward and encourage recovery 





how small 


shift durations of no more than | 


to take break 


unment tor people \ 


rente 


status of the recovery with everyone 


| | 
niles of injured ¢ 


recover 


short time I LIST T List I Dest practices 


resources best pra nd recovery stages.* 
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And now, a few words 
about data back up: 


For the tech crowd: 
BrightStor™ S 


More. More. And now. These are the words most frequently 
associated with storage needs. The explosion in web activity, 
the perpetually increasing number of applications coming 
out that require larger databases and the spiraling complexity 
of enterprise storage solutions has increased the demand for 
immediate solutions to growing storage problems 


That's why there’s BrightStor from Computer Associates (CA) 
The most comprehensive family of storage solutions on the 
market, BrightStor solutions are completely and totaily open 
Which means that unlike most vendors, who are focused 
solely on their individual solutions, BrightStor brings multi 
vendor systems and the environment together seamlessly 


What does this mean for you? It means optimization of 
resources across al! platforms and storage types. It means a 
greater understanding of your storage resources and how to 
best allocate them to fit your needs. And it means a lower 
total cost of ownership 


Specifically, BrightStor provides you with unparalleled data 
protection, real-time data availability, and the ability to view, 
manage, and monitor your resources from a central location 
And BrightStor is the only software of its kind that 
incorporates CA‘s portal technology —the leading portal 
solution on the market 


Why rely on Computer Associates? Because we're a 
completely independent software company with over 
25 years of experience. That’s how we got to be the 
software management experts. And that’s why 99% of 


the Fortune 500® rely on our software 


We know that storage is no longer just backing up what you 
already have. It’s facilitating integration with every aspect of 
your entire eBusiness. It’s leveraging all of your existing 
capabilities to maximize your resources enterprise-wide. And 
most important, it’s using what you have to find future 
opportunities and capitalize on them 


For everybody else: 


Reliable = Good. 
Unreliable = Bad. 


Computer Associates™ 


ca.com/brightstor/storage 





Someday your business continuity solution will be called on to save your company. 
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Cargo Optimization 
At Continental Airlines 


@ a: 


CARGO 
BOOKING 

CONFIRM/ 
REJECT 


CARGO 
its VEL) 


AGENT Sy E31) 


A 


AVAILABILITY/ 


& boy Ni tcle] att) g MINIMUM PRICE 


pias 
MANAGEMENT SYSTEM _ 


aac 
STH elt 
BS) atia dali 


PASSENGER 
BOOKING 


"9 F 
* 


When a booking agent (1) requests a cargo reservation, the cargo reserva- 
tion system (2) passes the shipment details and customer contract rate 
data to CargoProf (3). Meanwhile, the passenger reservation system (4) 
feeds a passenger forecast to the flight schedule server's cargo capacity 
forecaster (5), which calculates expected cargo capacity each night for 
every flight. It passes this capacity data to CargoProf, which calculates for 
each flight availability and the minimum prices that a booking must meet or 
exceed in order to be profitable. The cargo reservation system then accepts 
or rejects the request. Agents with rejected requests can then either try a 
different day or route or sell the customer into a higher rate class. 
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TECHNOLOGY — 


where, ideally, the vendor can charge a 


| premium price to one customer while 
| charging a lower fee to another. 


“Revenue optimization really isn’t a 


| market in and of itself,” says Karen Pe- 


terson, an analyst at Stamford, Conn.- 


| based Gartner Inc. There isn’t any one 
| application or process involved, she 
| says. Rather, it consists of a mix of dif- 


ferent industry-specific techniques 


| that help organizations better under- 
| stand which actions, such as a price 


reduction, will yield the most profit. 

In contrast, traditional, manual pric- 
ing optimization techniques include 
somewhat cumbersome marketing 
techniques such as discounts, special 
promotions and free-shipping offers, 
says O’Marah. They generate no re- 
peatable processes, however. 

The advantage of revenue optimiza- 
tion tools offered by vendors such as 
Manugistics and Dallas-based i2 Tech- 
nologies Inc. is that they let users sys- 
tematically set the most profitable 


| prices for their goods and services. 


Revenue management and optimiza- 
tion systems won’t work unless your 
operation meets the minimum require- 
ments, says O’Marah. Companies need 
clean point-of-sale data that can be re 
plenished as needed. Firms requiring 
daily price updates, for instance, may 


| need real-time feeds. 


Pricing by Precedent 

Miami-based Royal Caribbean Cruis- 
es Ltd. relies heavily on historical data 
when setting current prices. A group 
of about 50 professional analysts at 
the cruise line uses a set of primarily 
homegrown optimization and revenue 
management applications to set prices 
and maximize the profitability of avail- 
able cabin space. Those systems tap a 
database containing extensive histori- 
cal transaction data, says Doug San- 
toni, vice president of revenue man- 
agement at Royal Caribbean. 

Establishing a price can be extreme- 
ly complex, because the cruise line has 
26 ships, each with 20 or more types of 
cabins. The booking price is affected 
by factors such as international cur- 
rency rates and whether a passenger’s 
reservation includes air travel. 

By reviewing the historical data, 
Royal Caribbean gets a sense of what is 
most popular with its customers and 
what is likely to sell. It then creates 
benchmarks for the system to use, 
along with demand forecasts and other 
metrics, and crunches the numbers to 
set the appropriate mix of prices that 


| will fill the ships’ cabins. 


But the company doesn’t rely on the 


| software alone. Some of its revenue 


REVENUE OPTIMIZATION TOOLS 


Vendors 


The market for revenue optimization 
tools is loosely defined, with several 
players focusing on different niches, 
according to Karen Peterson, an ana- 
lyst at Gartner Inc. Here’s how she 
groups the vendors: 


8 i2 Technologies Inc.: This company 
nas traditionally concentrated on opti- 
mizing retail merchandizing operations. 
In this niche, it goes head-to-head with 
smaller players such as Cambridge, 
Mass.-based ProfitLogic and San Car- 
los, Calif.-based DemandTec Inc. 


= Manugistics Inc.: This supply chain 
software manufacturer casts the widest 
net, says Peterson. Its broad range of 
offerings targets transportation, high 
tech, retail and other industries. 


= Rapt Inc.: San Francisco-based Rapt 
offers toois that minimize risk during 
general purchasing and selling activities. 


= Maxager Technology Inc.: San 
Rafael, Calif.-based Maxager brings 
expertise in optimizing manufacturing 
capacity constraints. 

~ Mare L. Songini 


managers have degrees in statistical 
modeling and similar disciplines, 
which help them in determining these 
benchmarks, says Santoni. 

Royal Caribbean’s systems have 
evolved over some 13 years, Santoni 
says. Prior to the current system im- 
plementation, managers had to per- 
form the calculations manually and 
couldn’t drill down into the data with 
the same granularity and speed that’s 
now possible. 

“The real power is not just having 
the data itself, but being able to work 
with it and being able to manipulate 
it,” Santoni says. At Royal Caribbean, 
this helps not only in making success- 
ful bookings, but also in determining 
why a potential passenger may have 
turned down a ticket 

And having a better understanding 
of historical customer behavior, users 
agree, is the starting point for any rev- 
enue optimization project. D 


DHL Worldwide Express Inc. repackages its pricing 
QuickLink: 29711 
Harrah's Entertainment gambles on price optimization 


| QuickLink: 29709 


| Qe Quicklink: 29724 
| www.computerworld.com 
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functionality of ATA drives 


we | 
PI n can’t compare to SCSI’s relia- @ PRODUCT PIPELINE 
S bility and performance as a 
aG in ATA Disk-Based primary storage medium, Three Takes on 


vogeebene Systems they’re well suited to stream- Backup Appliances 


* & ing and large block transfers. —-————$—$ 
“Once you get the headin |  Ofthe many vendors that 
IS tO IS at hae Sg the right place, you can move are now marketing devices 
SoU Sh [the data],” says Bennett. as disk-to-disk backup ap- 


elder beara The systems can also hel pl three F 
. : e systems can als p | ances, these repre 
OUTLOOK: A new generation of fast, low- Oe tl TLE solve the problem of sh rinking | sent the different approach- 


cost disk-to-disk backup appliances may neat en moment eee 
soon replace tape for some applications. LA RIGAMADRMIIE | cache between the target stor | Ticats he 


- restores at a cost per giga- 
By Robert L. Mitchell byte that’s competitive with age and the tape subsystem. —_| _ first to market last fall when 
¢ sale high-end tape subsystems. And since software tools like | jt announced the InfiniSAN 
ka Y ACCESS FILE is | an early adopter of the Infini- | Network Appliance’s Snap- D2D, an ATA-based disk-to- 
corrupt. Can you | SAN D2D backup appliance Se tae Wee) Vault can update the backup | disk backup appliance. Its 
M restore it for me?” | from Los Angeles-based Nex- Departmental file servers, indefinitely without re-creat- software functions as a ver- 
Such common user | san Technologies Ltd. The Pry ieee a cee Ul Ril ing the primary backup image, sioning system that allows 
requests can send administra- | SOOGB system, which cost Mees Geteeiiage | the appliances can back up | copying of incremental up- 
tors on a merry chase that | $11,200 installed, has cut the PCR Car thie king storage in remote offices over dates via the Network File 
includes digging through ar-_ | administrative time required up and restoration is vital. a wide-area network. This lets System or Common Internet 
chived tapes, inserting the for file restores, Kennedy archival tape copies be created File System protocol. Spe- 
correct cartridge into the tape | says. “Now you just click Re- Ava and managed centrally. | cial “agent” software can 
loader and then sequentially | store and it’s back,” he says. Du ame Lc Newtron’s backup appliance automate backups for spe- 
searching through it torestore | “The reality of having your center backup systems de- | backs up PeopleSoft and SQL cific applications. 
the user’s data. The | backup informa- SRC | Server data residing in its main Quantum Corp. 
tion on random- De office across an interbuilding | The Milpitas, Calif.-based 


process can easily 


yk 
take a half hour or EMERGING? uT access media will oapeartoces) aay tape | fiber link. “If our [main] office | disk vendor takes a more 
more of an admin- TECHNOLOGIES change how peo- | pear ahaha ass its | burned, everything would be | pragmatic approach with 








istrator’s time. ple interact with = | out there on the Nexsan,” | its DX30. The system, slated 
A new genera- ] their backups,” says | Gigabit Ethernet face to the Kennedy says. | to ship in the second half of 
tion of relatively low-cost Chris Bennett, director of plat- outside world. Devices may Vendors are also promot- | this year with 3TB of storage 
disk-to-disk backup systems is | forms and systems at Network | support data transfers in block | ing the devices as a general- | and a price tag of $45,000, 
changing all that, reducing the | Appliance Inc.in Sunnyvale, | or file format. purpose repository for“near- | emulates a tape library to al- 
restoration task to a 30-second | Calif.“We’re on the very front | Cost is the driving factor be- | line,” or secondary, storage. low compatibility with exist- 
point-and-click affair. It’s so | end of what is going to be a | hind the trend. ATA-based disk | For example, third-party soft- | ing backup software and the 
simple, in fact, that users can revolution in the way people _| drives aren’t new and are com- | ware allows Exchange e-mail backup policies that users 
do it themselves. | deal with backup issues.” mon on the desktop. Manufac- | documents to be migrated to have created with them. 
“It’s slick,” says Bob Kenne- These disk-based backup turing economies have driven a NearStore device from Net- Quantum as eran 
dy, director of computer re- systems use the Advanced | prices down to $15 to $20 per work Appliance as they age, ree — lock - 
sources at construction firm | Technology Attachment (ATA) | gigabyte, making them com- without changing their ap ng 
es S r 2 ee ae ; : | rectly between disks over a 
The Newtron Group Inc. in | interface internally but pre- | petitive with high-end tape pearance to the end user. Fibre Channel storage-area 
Baton Rouge, La. Newtron is sent a SCSI, Fibre Channel or subsystems. And while the “We're already seeing a | network. Although backups 
change in the way backup | and restores are faster, this 
| technology works,” says Nan- | approach uses software de- 
w TECH CHECK cy Marrone, an analyst at The | signed to stream to a serial 
Enterprise Storage Group Inc. | tape medium to perform 
. ; i : 
The Disk-to- in Milford, Mass. In the future, backups, and restores to a 
‘ she says, backup software will random-access medium. 
D k D include more hierarchical 
IS ance om a oo storage management capabili- | Network Appliance 
ties and the intelligence to 
“determine what data needs to 
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BY JAIKUMAR VIJAYAN 
HEN compa- 
nies make 
duplicate 
copies of 
enterprise 
data for backup, disaster re- 
covery or other business pur- 
poses, they are said to be repli- 
cating data. 

Such duplicate copies of 
data can reside locally on the 
same system or network seg- 
ment, or they can be placed in 
remote locations. 

Replication can take 
place at the application 
level or the storage level. 
Application replication 
takes place at the trans- 
action level: Each trans- 
action is captured and dupli- 
cated on multiple systems. 
Storage replication involves 
copying the data that sits un- 
der the application. 

Organizations replicate and 
mirror data for a variety of 
reasons. Since Sept. ll, a major 
driver for data replication has 
been disaster recovery and 
business continuity planning. 
Companies are hoping to bol- 
ster their capabilities in these 
areas by maintaining copies of 
data and applications at one or 
more off-site locations. 

Corporations also replicate 
data to enable wider and 
quicker access to information 
across the enterprise. It’s 
quicker to access copies of 
data stored on local servers 
than it is to access data 
stored on a remote server. 

Similarly, data is sometimes 
copied and stored at multiple 
locations to let multiple busi- 
ness units access it for their 
individual needs, such as data 
mining. Development and 
testing work is also less risky 
and disruptive when done on 
a copy rather than on live pro- 
duction data. 

“There are a myriad uses 
for data,” says John Young, an 
analyst at D.H. Brown Associ- 
ates Inc. in Port Chester, N-Y. 
“There are more people [than 
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Replication 


| ever before] wanting access to 
| and using data within a busi- 
ness. When you combine that 
with the standard requirement 
to back up and store data, it’s 
easy to see what’s dri- 
ving data replication.” 

There are a variety 
of methods with which 
to replicate data from 
a primary source to 
secondary sites. The choice 
depends on the level of pro- 
tection a company’s applica- 
tions require or the business 
needs driving the replication 
effort, says Dianne McAdam, 
an analyst at Illuminata Inc. in 
Nashua, N.H. 

A financial services com- 
pany, for instance, is far more 
| likely to need real-time repli- 
| cation than a manufacturing 





by 


operation, she says. Factors 
such as cost, complexity and 
performance impact also af- 
fect the choice of replication 
method, McAdam says. 


Synchronous vs. Asynchronous 
| Companies that require very 
short recovery times tend to 
use an approach called syn- 
chronous replication. In this 
method, data is duplicated in a 
real-time fashion on a primary 
system and on secondary sys- 
tems. All systems are copied 
simultaneously. 

Synchronous replication 
involves a process called a 





two-phase commit, whereby 
data that’s being updated on 
the primary server has to be 
duplicated on and acknowl- 
edged by the secondary sites 
before the next transaction 
proceeds. This ensures that 
data is identical on all copies 
at all times. 





DEFINITION 


The goals of synchronous 
replication are near-zero loss 
of data and very quick recov- 
ery times from failures that 
occur at primary sites. But the 
two-phase commit process 
results in performance degra- 
dation when the distance be- 
tween the primary site and 
secondary site is great. 

Synchronous replication 
can also be costly because it 
requires high-bandwidth net- 
work connectivity. 

“To be really bulletproof, 


| you need to do synchronous 


replication, but most can’t 

afford it,” McAdam says. 
Another option that’s be- 

coming increasingly popular 





Replication is the process of making duplicate 
copies of enterprise data for content distribu- 
tion, disaster recovery or other business needs. 


is asynchronous replication. 
Related technologies capture a 
copy of each completed trans- 
action on the primary server, 
which is then duplicated on 
the secondary systems. This 
duplication can happen auto- 
matically whenever an update 
takes place, or it can be pro- 
grammed to take place at pre- 
defined intervals. Replication 
products can also queue data 
and send batches of changes 
when network use is low. 
Asynchronous replication 
doesn’t require as much band- 
width as the synchronous 
approach and can be applied 
over greater distances with lit- 
tle performance degradation. 


Corporate Replication 


More than just backup, replication lets a far-flung organization 
gain efficient, quick access to data. 


It’s also cheaper, but it doesn’t 
offer the same real-time re- 
covery capabilities. 

Companies may want to 
use a combination of both 
approaches to overcome tech- 
nical issues, Young says. For 
instance, a company may de- 
cide to stick a replication 
technology midway between 
two endpoints. Synchronous 
replication is then performed 
in hops — first between the 
original and the midpoint, 
then from the midpoint to the 
endpoint. 


Hard or Soft? 


Vendors today offer both 
hardware- and software-based 
replication. Companies such 
as EMC Corp. in Hopkinton, 
Mass.; Hitachi Data Systems 
Corp. in Santa Clara, Calif.; 
and IBM offer hardware tech- 
nologies, while others such 
as Veritas Software Corp. and 
Sun Microsystems Inc. enable 
software replication. 

With hardware replication, 
all the duplication tasks are 
carried out by specialized con- 
trollers, leaving the server free 
for other tasks. But controllers 
from one vendor generally 
don’t work well with con- 
trollers from other vendors, 
so hardware replication tends 
to tie users to a single vendor. 

There are no such limita- 
tions with software-based 
replication, but since server 
cycles are used to handle the 
duplication tasks, it can affect 
performance. 

Ultimately, analysts say, the 
way to go depends on the 
user’s specific business and 
technology needs. 

“More companies are taking 
replication seriously these 
days. ... Sept. 1l was a wake- 
up call,” Young says. B 
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Cost-Effective Remote 
Access Proves Elusive 





It’s not easy to offer employees remote access 
that’s both easy and secure — at a reasonable cost 


BY VINCE TUESDAY 
VERYONE SAYS they want secu- 
rity. They don’t. Deep down, 
end users don’t care. They 
want MP3 downloads, and 
damn the viruses. They want 
a blank password, and if forced to have 
one, they want Windows to remember 
it for them. 

This leaves me with a problem. If 
these carefree people design and imple- 
ment insecure systems or use them in 
an insecure way, I may get fired. If they 
stumble across systems that are very 


secure (hopefully because I nudged 
Sacco 
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them in the right direction), 
I’m seen as unnecessary and 
may get fired. 

So I’ve decided that I can’t 
worry only about security but 
instead must include cost sav- 
ings. If my team keeps cutting 
costs, then whether or not we 
have incidents, we'll be invited to stay. 

I’ve spent the past few days debating 
how we can save costs in our remote- 


access systems while maintaining ade- | 


quate security. We have a high-cost/ 
high-security approach at the moment. 
Finance wants a low-cost system. It 
would be easy to offer a low-cost/low- 
security answer, but the tricky bit is to 
discover a low-cost/high-security fix. 


Remote Controls 

We spend a great deal of money on 
remote access. We use Integrated Ser- 
vices Digital Network (ISDN) and ana- 
log dial-in for remote access and sup- 
port. Not only do we have many staffers 
who globe-trot, phoning in from as- 
toundingly expensive hotel phones, but 
we also place equipment permanently 
in the homes of IT support staffers so 
they can provide shift cover. 

Some of our high-speed ISDN end 
users claim to use the system all the 
time, but our bills show that some use it 
for only five minutes per quarter. If we 
could get them off of dedicated lines 
while still providing the same service, 
we could save big on line rentals. 

Other people configure their home 
systems to check for e-mail every five 
minutes. This automatically brings up 








the long-distance connections to the 
office, and the costs add up. To add in- 
sult to injury, many of these users have 
high-speed cable or Digital Subscriber 
Line Internet connections. These al- 
ways-on, fixed-price services are much 
cheaper than the ISDN service we offer. 

The IT support users aren’t thrilled 
about the systems we want them to cart 
home. Some support technicians are 
annoyed at having to step away from 
their hot-rod UFO-style game machines 
with huge flat panels and use the steam- 
powered 17-in. CRT computers we give 
them. We could let them use their high- 
powered machines and their 
always-on connections to ac- 
cess their work data over the 
Internet, but the lack of secu- 
rity in doing that is so bad 
that I just can’t accept it. 

The industry-standard so- 
lution is to slap on a virtual 
private network (VPN), but this solves 
the wrong problem. VPNs do well at us- 
ing cryptography to stop snooping or at- 
tempts to modify data in transit. Howev- 
er, such attacks aren’t common. After all, 
why should hackers bother lifting credit 
card numbers from live connections 
when they can steal the entire database? 
The problems we have are with spoofed 
authentication and hijacked sessions. 

Attackers will go to extreme lengths 
to steal or guess authentication creden- 


tials — and our users pick bad ones, | 


so using passwords is out. Many com- 
panies build public-key infrastructure 
architectures to get around this. But the 
private key ends up as a password- 
protected file on the local machine. 
Steal this and the user’s password, and 
you can connect as that person. 

We use SecurID tokens for authenti- 
cation on our remote-access system. 
We could reuse SecurID not only at no 
extra cost for a VPN approach, as we 
already have the servers and tokens, 
but it would also stop hackers from 
stealing, spoofing or using brute-force 
methods to authenticate credentials. 
The passcodes it creates can only 
be used once, and the correct answer 
changes every minute. 

Even if I know with absolute certain- 





ty that a valid user started a connection, 
I don’t know what else might travel 
over that link. If attackers have broken 
into the user’s home machine, they can 
piggyback on the connection right into 
the heart of our company. 

To make this risk acceptable, we 
could protect each machine to the same 
standard as our Internet-facing systems. 
That would include patching, antivirus 
scans with regular updates, and intru- 


; sion detection with round-the-clock 


monitoring and expert trained response. 

But we can barely manage this on the 
handful of Internet servers we have, 
never mind doing that for thousands of 
users’ home machines, each with a dif- 
ferent build and under their physical 
and systems administration control. 

So we could give them machines 
locked down with our standard build 
and make them use those. But users 


| will connect using their own insecure 


machines because they want it easy. 

Perhaps I should make their machines 
full clients on our network. If I use 
Microsoft Terminal Services, then I can 
get away with a very limited network 
connection from them to internal ter- 
minal servers. I can use a firewall to 
protect this approach properly. 

But even here, we face risks. Remote- 
control backdoor hacker utilities, such 
as Back Orifice, would still be able to 
get in. Can I trust that even my users 
would report cursors moving and files 
being opened as if by ghosts? 


Setting Limits 

My favorite alternative is to convince 
most users that they don’t need remote 
access to all of our applications. Access 
to e-mail on our Microsoft Exchange 
server is the killer application for them, 
so we could set up an Outlook Web 
Access (OWA) server with a SecurID 
wrapper. OWA requires only a Web 
browser client, so it will work from a 
Web café or hotel business suite. 

In that configuration, the worst a hack- 
er could do is read and fake e-mail from 
our employees. It’s cheap because staff- 
ers can use their own machines and net- 
work connections while keeping our sys- 
tems safe. But will end users accept it? 

I’m still looking for answers. If I find 
a truly secure, low-cost alternative for 
remote access, I'll either launch a start- 
up to sell it to others — or tell you about 


| itin a future column. D 
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Public-key infrastructure (PKI): 
PKI is a system of digital certificates, 
certificate authorities and other regis- 
tration authorities that verify and 
authenticate the validity of each 
party involved in a transaction. It is 
commonly used to secure e-commerce 
transactions. Web site owners pay a 
certificate authority such as Mountain 
View, Calif.-based VeriSign Inc. to 
provide assurances that a Web site 

is legitimate. 


Outlook Web Access (OWA): 
Microsoft Corp.'s OWA offers end 
users browser-based access to Micro- 
soft Exchange Server e-mail by way of 
an intermediary OWA server. Some 
Outlook features, such as the preview 
pane, drag and drop and spell checker, 
are missing, but you can read and send 
e-mail and arrange meetings. 


LINKS: 


www.microsoft.com/exchange/ 
techinfo/outlook/2000/ 
OWA2000.asp. this white paper 
offers a technical overview of OWA. 


www.microsoft.com/technet/ 
treeview/default.asp?url=/ 
technet/security/bulletin/ 
MS01-030.asp: OWA isn't Outlook, 
but it's also no protection from viruses, 
as this security bulletin shows. 


HOT-ROD ACCESS 


If your support teams treat their systems 
like hot rods, are they likely to switch to 
a boring company-issue machine for 
remote access? 


www.hardcoreware.net/rigs/ 
index. php?&r=214: This Web page 
shows the extremes to which some 
users on our staff will go to modify 
their personal systems. 





This week's journal is written by a real security man- 
ager, “Vince Tuesday,” whose name and employer 
have been disguised for obvious reasons. You! can 
contact him at vince.tuesday@hushmail.com or join 
the discussion in our security forum. 


To find a complete archive of our 
Security Manager's Journals, go online 
© www.computerworld.com/smij 





Storage in every size and width. 
The difference between winning and losing is a little thing called 
“storage.” And the winning play is integrated storage solutions. Why? 
Hardware and software that work together speed implementation, 
let you maximize your current infrastructure investments, and help 


reduce risk. IBM TotalStorage” solutions are complete, cross-platform 


storage offerings that cover storage networking, disk, tape, software 


and services. Bent on winning? Find out where you can test-drive 


any IBM storage solution at ibm.com/totalstorage/solutions 


(© business i Te Game. Play twin.” 
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e managing network operations team 
¢ resolving UNIX problems 


e working lots of overtime with little reward 


ready to experience 


e variety of leadership opportunities in IT 





e workplace that celebrates diversity 


© compensation that rewards performance 


STATE FARM 


INSURANCE 


Get there with State Farm. 

Come to work on one of the world’s largest 
computer networks. And see your hard work 
pay off—in your salary and benefits. Plus, take 


advantage of opportunities to manage friendly 
people from a wide variety of backgrounds 
These are just a few of the reasons we rank 
#2 in Computerworld's “Best Places to Work." 


or more information, visit statefarm.com* 
il jobopps.corpsouth @statefarm.com 


ia good neighbor, State Fatm is thé 
Insurance Compames * Home Offices: Sioo 
Opportunity Eriployer 


% 


Computerworld + InfoWorld + Network World + June 3, 2002 


if organizations want to flourish in 
the global economy, leaders need to 
nourish their employees. Our Women 
in Technology International (WITI) 
FastTrack coverage will covepthe 
trends and techniques of leading 
ompanies around the United States. 


171 FastTrack. The list 
iust a sample of the 
loyers featured in 
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WIT! invites you to join us... 
in the West 


WITI 7th Annual Silicon Valley 
Smart Partnering 


Conference & Expo 


Access to Experts, Strategies & Technologies 
June 18-20, 2002 


Santa Clara Convention Center w Santa Clara, CA 


in the East 


TECHX NY / PC Expo 


June 25-27, 2002 
Jacob K. Javits Convention Center w New York City, NY 
join WITI as we provide women in technology Access to- Influence, Capital, IT, Career 


Development, Media, Technology Trends and Opening in the Glass Cieling and Winning 
Government Contracts 


“The WIT! Conference... was AWESOME! | learned a lot, felt inspired, 
and made some great friends and professional contacts!!!" 
DENISE MARCINSKI, DISTRICT SALES MANAGER, TRILLIUM DIGITAL SYSTEMS 
“Very Good! It will take me some time to digest all of the valuable 
information. Thank you for putting on such a wonderful conference 
and forum. Inspiring!” 
ROBIN LAND, DIRECTOR, TEXAS INSTRUMENTS 


Before there’s success, there’s access. 


For more information visit our website www.witi.com 


, : or call: 1-800-334-9484. 
OMEN IN TECHNOLOGY 
INTERNATIONAL 


Advancing Women Through Technology 





IT) careers.com 


Software Professionals: RS Soft- 
ware, a leading, globally posi 
tioned, SO 9001 certified, SEI 
CMM Level 4 & PCMM Level 
3 assessed company, which 
provides Quality Software Solu: 
tions. It operates from India, USA 
& UK. Company is looking 
for Software Professionals with 
following skill-set combinations 
COBOL, CICS, DB2, IMS, JCL 
IMS, IDMS, PACBASE JAVA 
JAVA Scripts, JAVA Serviets 
ASP, CORBA, HTML, XML 
Weblogic TPF, Assembler. 

DBA: Oracle, SQL Server 
Networking: LAN, WAN, NT 
NET, Web Architecture 

UNIX, TCP/IP, SUN SOLARIS 
C, C++, Oracle, Windows 


Send resume tc 
HR, RS Software (India) Ltd 
1900 McCarthy Bivd., #103. 

Milpitas, CA 95035 


ProQuest, one of the largest 
information aggregator, is looking 
for experienced computer pro 
fessionals. Skills in the following 
areas are plus: Unix, C/C++ 
GUI, Perl, Oracle, HTML 

or MS with related experience 
required. Send resume to 300 N 
Zeeb Rd, Ann Arbor, Mi 48106 


CD! Information Services has 
multiple openings for computer 
consultants, programmer/system 
analysts, software/project engi 
neers. Candidate must have 
BS degree with one-year exp 
Traveling is required for some 
positions. P! 
to 1915 Hwy. 52 N., Ste 
222B, Rochester, MN 55901 or 
1900 E. Golf Road, Suite L10 


Schaumburg, !L 60173 


lease send resumes 


Director, Corporate Communi 
cations Lead corporate com 
munications »perations f 
S.F. based software company 
Responsible for managing rela 
tionship & perceptions of com 
pany & p ts with target 
media, prospects, customers 
and market and financial analysts. 
Must have BA in marketing 
business or econ. related field 
& 5 yrs. exp. in rketing 
management, including at ieast 

yrs. in software marketing 
Send resumes to Fo Harris 
@ Business Engine Software 
Corporation, 430 N Vineyard 
Ave, 4th Floor, Ont alifornia 
91764 


Sr. SW Developers: Research 


dsgn, devip, maintain, test inter 
intranet financial sw sys. w/ VB 
Websphere va, C/C++, XML 
WAP, EJB, J: Struts; dsgn. 
convert dt 32/Cobol, Oracie 
on SQLServer, DLL Oracle 
v +, VBScript; Dsgn RUP w 
OOM, UML, ASP, MS Visual 
Studio, ActiveX DDLs. 40h/w 

>, Bachelor dgr/foreign equivi't 
in comp. related fields, & 5 yr wk 
exp ir b/in any posit'n w/ VB 
Websphere, DB2/Cobo!. Resume 
to TP! of St. Louis at gnichols 
@tech-partners.com/fax: 314 


519-0421 


cal engage 
of breed 
is. We're 

v Mat 

Bus. Ac Syst., or Eng 
any), plus at least 3 years exp in 
software cons Jevelopment 
plementation t least 1 
yt as lead developer. Must have 
experience in JAVA, VB & COM 
w/at least 1 yr. in RE Oracle 
Must have knowledge of ad: 
sion. Extensive travel may 
be required. Email resume to 
careers @ roundarch.com refer 
encing Job Code: PMChi. EOE 


Computer Programmer 


Software devel. of Data Access 
Layer to support collab. product 
design. Research & imp!. of new 
technologies to enhance exis. 
software product. Maintain code 
& provide support field consult 
integration of data access layer 
w/server components inc. CAD 
software based services. M.S. in 
CS, Engin. or rel. & 2 yrs exp. in 
above pos. or rel. w/abil. to use 
C, C++, Visual Basic, COM+ 
ASP Scripting, SOL Server, Oracle. 
NS & indexing service XML 
Java, Java 3D, Application Server. 
JDBC, SQL Prog., Security 
Architectures (Win2K, Java, 3rd 
Party), CAD Packages (IronCAD 
ProE, Unigraphics, Parasolid 
ACIS) 40.0 hr/wk. 9-5. Send 
resumes to: Mr. Saron J. Sarkisian, 
HR Director, Alventive, Inc., 700 
Galleria Parkway, Suite 400. 
Atlanta, GA 30339 


Programmer Analyst: duties 
include analysis, design and 
development of software appli 
cations for Internet/intranet 
projects. Environments will in 
clude EJB, XML, Visual Basic 
COM, MTS and extensive use of 
Java technologies and Microsoft 
technologies; specific projects 
include design and development 
of SQL queries for project mod: 
ules utilized for management 
systems networks. This position 
requires the minimum of a 
B.S. Degree. We offer salary 
commensurate with skills and a 
comprehensive benefits package. 
Please provide a letter of interest 
and resume to: Adams Keegar 
Inc., Attn: Human Resources 
6055 Primacy Parkway, Suite 
150, Memphis, TN 38119 


Programmer Analysts to analyze. 
design, test, maintain and support 
internet/intranet applications 
using Java, HTML, ASP, Java 
Script, JSP etc under Unix & 
Windows OS; design/develop 
custom applications in a client 
server environment using VB 
Oracle, MS SQL Server and GU! 
tools under Windows NT OS 
provide on site maintenance 
support to clients. Require BS 
or foreign equiv in CS or Eng 
neering (any branch) with 2 yrs 
of relevant exp. Highly competi 
tive salary. Travel to client sites 
involved. Resumes to Advanced 
Computing Technologies, Inc 

Breckinridge Bivd. Suite 
28, Duluth GA 30096 


Software Applications Engineers 


to work in our Indepen 
dence, OH office. Send resume 
Mary Mears, SAIC, 5001 
Rockside Rd. 
Independence, OH 
e-mail todd.a.krege 
saic.com. Please refer to jot 


ode: TAK043554 


IT Consultants 
ECFIRST.COM, INC., a 
leader in eBusiness 
& eSecurity Consulting 
services is seeking 
experienced IT Consul- 
tants to develop web 
software applications 
for e-business. Tools 
Visual Basic, ASP, 
JavaScript, SQL, Seagate 
Crystal Designer & 
Seagate Report Designer. 
Send resumes to: 13375 
University Ave, Clive, 
1A 50325 or em 
hr@ecfirst.com 
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Recovery Management System 
(RMS) Tech. Support, Latin 
America. Norcross,GA. Dvip. & 
maintain clients’ customizations 
of RMS. Assist Latin American 
support group w/ Help Desk 
support calls. Train new/existing 
customers in RMS. Assist in 
design & maintenance of new 
existing products. Train/mentor 
staff in dvipmt. & support of co's 
RMS/PCX product. Assist in 
dvipmt. & roll out of new client 
server version of RMS. Requires: 
B.S. (or foreign equiv) in Comp 
Sci. or Comp. Eng'r pilus 2 yrs 
exp in job offered or 2 yrs exp as 
a Systems Manager. Exp., which 
may have been obtained con 
currently, must include 2 yrs. exp. 
dvip. & impimt. RMS applics. and 
2 yrs exp. dvip. & impimt. PCX 
applics. Mail resumes w/ ad (no 
cails) to Sharon Penn, LBSS. 
Inc., 3550 Engineering Dr., Ste 
200, Norcross, GA 30092 


Programmer Analyst sought 
by s/ware dvipmt & consulting 
Co. (Melville, NY) Dsgn, dvip, 
analyze, impimt, code IT applics 
using SQL Plus, PL/SQL, Oracle. 
Unix/SUN OS, Win. Must pos 
sess knowl or exp of marine 
s/ware dvipmt. Min Reqmts 
Bach or equiv in Science 
Physics/Comp Sci/or equiv + 2 
yrs & 6 mos exp in job offd. Will 
accept 3 yrs college education 
in listed fields/or any combo of 
education & exp that equates the 
min reqmts. Please respond tc 
Rowena Cheng, VP, Trade Ship 
Inc, 201 Old Country Rd, Ste 
202, Melville NY 11747. Fax 
631-673-8958 


Appl. Systems Programmer, City 
of Charlotte, Support & assist w 
maintenance of PeopleSoft HR 
System. Pos. reqs. BA in Comp. 
Science or Eng. & 2 yrs. exp. in 
pos. offd. or as a Prog. or System 
Analyst. The 2 yrs. must incl 
work w/ Oracle & PL/SQL & 
developing & tuning SQL 
queries. 1 yr must have incl. work 
w/ Oracle Dvip. Suite developing 
Oracle Forms & Reports & must 
have incl. work w/ PeopleSoft 
modules incl.: HR, BB, Benefits 
Billing, Time & Labor, Payroll 
Recruitment & Pos. Mgmt. & 
Mercury Interactive WinRunner 
40hrs/wk, $67K-&80, 696, Jot 
#020352, Send resume & 

to HR Dept., City of Charlotte 
600 East 4th St., Charlotte, NC 
28202. EOE 


Openings available for exp'ed 
g/Systems Anal 

Project Managers and 
Engineers. Duties include deve! 
oping and designing S/W 
systems using SAP, ABAP/4 
Mercator, COBOL, CICS, VB 
Power Builder, Developer 2000. 
Java, HTML, Sybase, Oracle 
MS SQL Server, wireless 
internet/telephony technologies. 
e-commerce, data warehousing, 
UNIX/Windows systems admir 
istration. All positions require a 
BS/MS or its foreign equivalent 
& relevant exp. Competitive 
salary. Some travel/relocation 
required. Send Resumes tc 
UNILINX, 4625 Alexander Drive 
Suite 110, Alpharetta, GA 30022 


Software Engineers needed t 


sgn, dvip, test & eval s/ware for 
Data Link & provide project 
mgmt w/aviation/communication 
s/ware systems dvipmt. Apply tc 

E. Adkins, Hi-Tec Systems, 500 
Scarborough Dr, #108, Egg 
Harbor Township, NJ 08234 


Sr. Consultant, Technology 
Reston, VA. Analyze, design 
develop & implement hardware. 
software architectures using 
UML, Java, JSP, J2EE, Oracle 
RDBMS, C++, & Sybase on 
iPlanet application, iPlanet Web. 
iPlanet Directory, Epicentric 
Foundation, & IBM WebSphere 
Servers. Code components 
determine technical architecture 
reqmts, code reviews, integration 
testing. REQUIRES: M.S. (or 
foreign equiv) in Comp. Sci 

Math, or related field plus 3 yrs 
exp in job offered or 3 yrs exp 
as Sftwr Engr or Prog. Analyst 
Concurrent exp. must include 3 
yrs exp designing, developing & 
implementing sftwr architecture 
using C++ and 3 yrs exp design 
ing, developing & implementing 
sftwr archit. using Java. Mail 
resumes w/ ad (no Calis): Traci 
Freedman, DiData, 55 Broad St 

5th Fi., NY, NY 10004 


Staff Engineer - AMEC Tech 
nologies, a global engineering 
design and technology service 
firm currently seeks applicants 
for the following position in its 
Decatur, GA office: Staff Engineer 
to develop mathematical simula: 
tion algorithms and models 
communication objects and pro 
tocols using OLE for Process 
Control (OPC) interfaces and 
TCP/IP. Applicants for this 
position must have a master's 
degree in Electrical Engineering 
Computer Science or related 
field plus 5 years of job experi- 
ence in development of models 
for simulation of pressure/flow 
processes in industrial systems 
using mathematical methods for 
computer simulation and object 
oriented programming languages 
in multi-system environment and 
in development of OPC servers 
and configuration of network 
communication protocols based 
on TCP/IP. For consideration 
please forward your resume 
to: AMEC Technologies, Inc 
Attention, Mary A. Trizzino,125 
Clairemont Ave., Suite 570. 
Decatur, GA 30030. EOE 


Programmer Analysts (3 Posi 
tions) to analyze, design, test. 
maintain and support client server, 
web applications using ASP, 
JavaScript, VBScript, HTML 
DHTML, COM etc under UNIX 
and Windows OS; design and 
mplement GUls and relational! 
database management systems 
using VB, Developer 2000, Oracle, 
MS Access and SQL Server. 
Require: B.S. or foreign equival 
with conc. in CS or Math or any 
branch of Engineering with 2 
yrs exp in the IT field. Highly 
compensated fulltime positions. 
Travel/relocation involved. Re 
sumes to InfoSmart Technologies, 
Inc Leatherman Ct 
Alpharetta, GA 30005 


PROGRAMMER wanted by 
T Consulting Co. in Houston 
TX. Must have degree and exp. 
Respond by resume to Mr. L 
Sookran, HR Manager, M/L 
Electronic Computer Services 
inc., 2875 NE 191 St., Ste #701 


Aventura, FL 3318( 


Call your 
ITcareers Sales 
Representative 

or Janis Crowley. 


1-800-762-2977 


NiO LS: 
NETWORK WORLD, 
COMPUTERWORLD, 

D INFOWORLD 
HELP You Do 
A BETTER JOB. 


Now Let Us HELP 
YOU GET ONE. 


CALL: 
1-800-762-2977 


nT, careers.com 





TT) careers.com 


Programmer Analyst wanted 
by New Jersey based Co for job 
locations throughout the US. 
Must have Masters in Comp. Sc. 
Engg., Mgmnt. Sc. or Bus. 
Admn., 3 years of experience in 
computer software developing 
and/or consulting and proficiency 
in RDBMS, ASP, COM/DCOM. 
XML. Respond to: HR Dept. 
Netpixel, Inc., 42 Utica Road, 
Edison, NJ 08820. (Ref 
GG8218IM) 


Several positions available 
Requirements and salary vary 
per position. Send resume to: 
Srivatsan Ramachandran, A.M.!., 
6145F Northbelt Parkway, 


Norcross, Georgia 30071 


ARINC, a leading provider of 
communications, information 
technology, and system engi 
neering, has an opening for a 
Staff Principal Engineer with 
Animator experience in our Marina 
dei Rey, CA office. Responsible 
for working as a chief architect of 
graphical interface, networking 
and Java specifically, leading 
ettorts which utilize the Animator 
product. Individual must have a 
Bachelor's degree or foreign 
equivalent in Engineering, Com: 
puter Science or related field 
Must have technical and working 
knowledge of Animator, as well 
as programming experience in 
Java, C++, C , Windows NT/2000 
& UNIX operating systems. For 
consideration, please fax your 
resume to (978) 649-7078, Attn 
Dept. IHR-PM. EOE 


Programmer Analysts, Sr. Pro- 
grammer Analysts, Software 
Engineers, DBAs, Tech. Market 
Analysts, and Budget Analysts 
Experience sought in: SAP, 
VB, Java, ASP; Database 
Administration; Peoplesoft, Oracle 
Requirements and salary vary 
depending upon position: All 
positions require the minimum of 
a Bachelor's Degree. Must 
be willing to travel/relocate if 
necessary. We offer salary 
commensurate with skills and a 
desireable employee benefits 
package. Please provide a letter 
of interest and resume to 
Goldstone Technologies, Attn 
Human Resources, One Lawson 
Lane, Burlington, VT 05401 


Trusted by 
more hiring 
managers 
than any IT 
space in 
the world. 


(1) careers.com 


SOFTWARE ENGINEERS (8 
positions): require Bachelor's in 
Engineering/Computer Science/ 
Mathematics/Science or closely 
related field with experience 
providing skills in described 
duties, at $60,000 per year 
Senior Software Engineers (8 
positions) with Master's and two 
years experience, at $65,000 per 
year. Provide on-site consulting 
in design, analysis and develop 
ment of operating systems-level 
software for legacy systems in 
1BM mainframe environment: 
development and administration 
in Oracle, DB2, SQL Server 
and Sybase; e-commerce and 
web applications development in 
Microsoft, Java and related tech- 
nologies; network management 
systems development with 
Netscape Server and related 
tools; SAP R/3 applications on 
Windows with DOS and ABAP/4 
and related modules. 40% travel 
to client sites in the United 
States. Mail resume to: YASH 
Technologies, Inc., Human 
Resources, 605 17th Avenue, 
Suite 1, East Moline, IL 61244 


Sr. Software Engineer, Mt 
Laurel, NJ. Must have Bachelor's 
degree in Comp. Sc., Engg. 4 yrs 
exp. in the job duties or Comp 
S/W Dev. and/or Consulting and 
proficiency in RDBMS, Visual 
C++, MFC, ASP, XML, COM/ 
COM+ technologies. Send letter 
& resume to HR Dept., Ref# 
GG8149, Price Systems, LLC, 
17000 Commerce Parkway, Ste. 
A, Mt. Laurel, NJ 08054 or fax to 
856-608-7247 (no phone calls 
please) 


Systems Analyst to analyze 
and develop reports and appli- 
cations using SQL and Visual 
Basic; convert FoxPro applica- 
tions to SQL and Visual Basic 
applications; maintain SQL data 
warehouse, FTP, file conversions, 
uploads, and other applications 
using Crystal Reports and Pro- 
Clarity applications; and analyze 
user requirements, procedures, 
and problems to automate or 
improve existing systems and 
review comp. Sys. capabilities, 
workflow, and scheduling limita- 
tions. Req. M. S. in Comp. Sci. or 
Engineering or related science. 
40hrs/wk. Send recent resume 
to: Kathy Londow, MMCC, 1407 
Union Ave., Suite 200, Memphis 
TN 38104. Ref. Code: TN-JZ 


ARINC, a leading provider of 
communications, information 
technology & system engineering, 
has an opening for a Systems 
Analyst at their office in Marina 
Del Rey, CA. The individual 
will assist a Senior Software 
Engineer in analyzing existing 
computer systems as it relates to 
the configuration management 
tools and Problem Tracking 
System. Individual must have a 
Bachelor's degree in Computer 
Science, Management information 
Systems or closely related field. 
For consideration, fax your resume 
to: (978) 649-7078, Attn: Dept 
IHR-WS. EOE 


Florida Corp. seeks Manager, 
Telecommunication installation 
& Information Management 
System Development to manage 
& coordinate the installation of 
telecommunication systems and 
oversee the upgrades of clients’ 
information management systems. 
B.A Degree or Foreign Degree 
Equivalent & 5 yrs experience as 
manager of information system. 
Send resume to Mrs. Lidia 
Bussiere, _.P. Bussiere Corp 
1375 N.W. 97th Ave. Suite 11 
Miami, Fi. 33172 


|B Ber aoe 


F/T Data Systems Analyst. 
Responsible for analyzing 
designing, testing & evaluating 
applications systems for company 
wide area networks as well as 
design & support the application 
systems for the re-architecture 
processing for the company's 
production systems for domestic 
billing cycles. Research & rec- 
ommend program specifications 
& code application programs 
according to business require 
ments & perform unit testing on 
developed codes, programs & 
application cycles & troubleshoot 
any defects found working w 
JCL, VSAM, COBOL Ii, CICS 
DB2, IMS, Cold Fusion, REXX 
CLIST, Xpediter & MQ Series 
Must have Bachelor's degree in 
CS, any Engineering discipline 
or related fieid. Foreign degree 
equivalent accepted. Must have 
2 yrs. exp. in job offered or 
position w same duties 
Salary: $69,360. Send resume: 
Julie@ups.com or UPS, Job 
Code: IVGCW, P.O. Box 833 
Mahwah, NJ 07430, Atten: Julie 
Baum, Human Resources. 
M-3C-010. Employer will not 
sponsor visas for position 


Software Engineer wanted by 
YoungTech Inc., NJ. Must have a 
Master degree in computer or 
related engineering fields with 
2+ years experience in software 
development. Strong knowledge 
in Orbix/CORBA, C/C++, Java 
JDBC/Serviet/JSP, Oracie/SQL 
programming are required 
Expertise with ERWin, Visual- 
Cafe/VAJ, IDEF, MFC/COM 
VisualStudio, and experience 
with HTML/JavaScript, iPlanet 
IS, WebLogic are mandatory. 
The position also requires excel- 
lent skills with NT/2000/HP UNIX) 
Solaris. Please send resume to 
HR Dept., Youngtech Inc., 2147 
Rt 27, 1st Floor, Edison, NJ 
08817. Fax Number: 732-650- 
9668 


Computer Programmer: Cus: 
tomize corporate LOS using C 
design & implement web appli- 
cation for online loan application 
using ASP/COM & Stored Pro 
cedures; publish Crystal Reports 
on intranet using RDC. Req 
Master's degree in CiS, CS or 
related discipline plus 2 yr work 
exp. Hrs: 8a-5p, M-F. Send 
resume to Homestar Mortgage 
Services, LLC 400 Northridge 
Rd., Suite 650, Atlanta, GA 
30350. Ref TY. 


Venturi seeks Prog./Analyst for 
Kirkland, WA office. DESC: Prov. 
comp. sys. consult. to max. i.S. 
efficiency. Anlyz. bulk data for 
migration into CRM sys. Dsgn. 
dev, & impl. ROBMS & web 
based & distrb. tools & s/w util 
SQL, VB, ASP, VBScript, JScript, 
Win. o/s. Config. & maint. corp 
web servers. REQ: BS in Engr. 
CS, Math, or Physics + 2 yrs 
exp. dsgn, dev, & imp! RDBMS & 
distrb. tools & aps. util. SQL, VB 
ASP, VBScript, JScript, Win. o/s. 
Prem. sal. + benes. Pls. reply to 
J. King, Job# VT-102, 11255 
Kirkiand Way, Kirkland, WA 
98033 


Computer Programmer to code. 
test, and implement software 
application for insurance claims 
processing and reconciliation 
for pharmacies and medical 
equipment providers using Java. 
C/C++, UNIX, and Relational 
Databases. Must have a Master's 
degree in Computer Science or 
related field and proficiency 
in Java, C/C++, Relational Data- 
bases and UNIX. 40 hrs/wk 
Send resume to Marty Monroe 
Allwin Data, One West Pack 
Square, Suite 1400, Asheville 
NC 28801. Ref. Code: NC-LLX 


Technical Publications Writer 


Write/edit technical publications 
re computer systems installation, 
maintenance & operations 
organize materials & complete 
writing assignments to assure 
clarity, conciseness, style & 
terminology. Req BA in English 
or related. Hrs: 8a-5p, M-F. Send 
resume to Microiearning, 1395 
S. Marietta Pkwy, Bidg 200 #234. 
Marietta, GA 30067. Ref RR 


Computer Programmer: Develop 
telephone billing software for 
voice processing using Visual 
Basic, VB Script and JAVA, 
convert data from project speci- 
fication in SQL Server 6.5 and 
7.0. Req Bachelor's degree in 
CS plus 3 yr work exp. Hrs 
8a-5p, M-F. send resume to 
Ashar Syed, UK! Communications 
720 Hembee Place, Roswell, GA 
30076. Ref SS 


DATABASE ENGINEER 
Multiple positions. Design & 
administer D/Bases using Cisco, 
Sun, MS & Oracle based tech- 
nology Cisco Routers, Sun 
Solaris, Win NT/2000 & Oracle. 
Required BA in Engineering or 
Sciences & 5yrs experience. 
40-hr work. Job/Interview Site 
Fremont, CA. Send resume 
to Hello Computers inc., 4966 
Paseo Padre Pkwy, Fremont CA 
94555 


Openings available for experi- 
enced Prog/Systems Analysts. 
DBAs and Software Engineers. 
Duties include but not limited to 
developing and designing s/w 
systems using various web/wire- 
less technologies, OS, tools 
software packages/languages: 
develop client server, mainframe. 
midrange, ERP and web appli- 
cations. Require BS/MS or 
foreign equivalent & relevant 
experience. Highly competitive 
salaries, some travel and relo- 
cation involved. Send Resumes 
to: Opal Soft, Inc. 3150 Almaden 
Expwy Ste 205, San Jose, CA 
95118 


Application Engineer 


Des. & dev. internet-based 
wealth management portal for 
fin. instit. Create front-end GU! 
using Java Serviets & backend 
w/JDBC calls to SQL stored 
procedures running on Oracle. 
Integrate third-party vendor 
products & LockBox to the portal 
using SSL connections. Perform 
eval. on many tech., presenting 
the best that are capable of 
meeting the co. req. Manage 
weekly builds, deployments, & 
implementations for clients. 
Configure lS, J2SE, Resin 
serviet-runner on production 
staging, & testing envir. B.S. in 
CS or rel. w/abil. to use C/C++ 
Java, SQL, Visuai Basic, Java 
Applets, Java Serviets, ASP, J 
Script, HTML, UNIX, Oracle. 
Borland JBuilder, Microsoft Visual 
Studio, Microsoft SQL Server. 40 
hr/wk. 9-5. Send resume to: Mr. 
Matt Thompson, Pres., SunGard 
AMS eServices, 375 Northridge 
Road, Suite 500, Atlanta, GA 
30350 


OO eee ce | 
the inside track on 
all the hottest tech jobs, 


all the time. 


CommVault Systems, Inc. is in 
need of the following for their 
Oceanport, NJ location: 


Systems Analyst-Analyze user 
requirements, procedures, & 
problems to improve existing 
systems. Develop new systems 
to improve workflow. Review 
system capabilities to determine 
feasibility of proposed programs. 
Must have a Bach. Deg. in 
Comp. Science, Eng’g, Math or 
related field, & knowledge of 
C++, UNIX, & Java. 


Software Developers- Design 
develop, test, & implement soft- 
ware according to user needs 
& cost/scheduling constraints 
Perform upgrades & correct 
errors in the system to maintain 
it after implementation. Required: 
Bach. Deg. in Comp. Science 
Eng’g, or related field, 2 yrs exp 
as a Software Developer or 
Software Engineer & knowledge 
of C, C++, and COM. OR Bach 
Deg. in Comp. Science, Eng’g 
or related field, 2yrs exp as a 
Software Developer, Software 
Engineer, or in a software devel- 
opment occupation & exp. with 
C++, Java, and PERL. 


EOE. Resume to: thoffman@ 
commvauilt.com No phone cails 
please 


System Developers needed to 
coordinate physica! changes to 
DB applications & web pages 
using ASP, EDI, & web-related 
tools. Req. BS in CS, CIS, or IT 
& 2 yrs.’ exp .in offered job or in 
web & database development 
and administration using ASP & 
Visual Basic. In lieu of BS & 
2 yrs.’ exp. will accept MS in 
one of stated fields. Req 
demonstrated ability to use the 
following: EDI, Visual Basic, Active 
Server Pages, SQL server 2000 
US, Scripting Tools, & Visual 
InterDev. No calis; Apply by 
resume to Attn: Tracy Fried 
Per-Se Technologies, Inc., 2840 
Mt. Wilkinson Pkwy., Atlanta, GA 
30339 


Computerworld * InfoWorld + Network World + June 3, 2002 


COMPUTER 


Ascential Software has job 
opportunities in the following 
locations 

California (Los Gatos, Oakland) 
Massachusetts (Westboro): and 
in other areas across the United 
States: 


* Software Engineers (All Leveis) 

¢ Database Administrator 

* Development/Engineering/Pro- 
ject Managers 

« Programmer Analysts 

* Systems Analysts 

* Technical Support Engineers 

* Sales Engineers 


For immediate consideration 
send your resume with salary re 
quirements to 


Ascential Software Corporation 
50 Washington Street 
Westboro, MA 01581 


Or e-mail to: 
staffing @ ascentialsoftware.com 


See our Web site for 
additional openings: 
www.ascentaisoftware.com 
EOE 
M/F/D/V. No phone cails please. 


Noetix seeks Sr. S/W Engr. for 
HQ office in Bellevue, WA 
DESC: Lead team of developers 
& engrs. Arch, dsgn, dev, & test 
corp. |S, RDBMS, servers & rel 
web apps. util. SQL, C++, OO 
dsgn & prog, COM/DCOM 
ODBC, MFC, Win & Unix o/s. 
REQ: BS in Engr, CS, Phys, or 
Math + 5 yrs. exp. dsgn, dev, & 
testing RDBMS & rel. apps. util 
SQL, C++, OO dsgn & prog, Win 
& Unix o/s. Plus 1 yr. exp. dsgn & 
dev. web apps. & util 
COM/DCOM, ODBC & MFC 
Prem. sal. + benes. Pls. reply 
to J. Hubbs, Job #NC-106 
2229-112th Ave NE, Ste. 200. 
Bellevue, WA 98004 





Masfin Consulting inc. has open- 
ings for Project Manager (PM) 
and Programmer Analyst (PA) 
positions for job location in New 
Jersey and elsewhere. Job Duties: 
(PM) Act as a project leader for 
application development projects 
primarily in the financial and 
insurance industry. Skill sets 
experience with development 
work in Visual Basic, C, C++, 
Fortran, Windows platform and 
Client-server architecture; expe- 
rience with the design, architec- 
ture, and programming of rela- 
tional databases, especially Oracle 
and MS Access; wide exposure 
to projects for insurance and/or 
financial industry, especially 
Claim and Bili Review, Workflow 
Management and Insurance 
Claims Management. Manage 
time, deliverables, and project 
work, while maintaining a high- 
level of client satisfaction. Posi- 
tions require a Masters degree in 
computer information systems or 
business administration with 
background in Computer/Elec- 
tronics Engineering, with four 
years of experience as a Pro- 
grammer Analyst. (PA) Bachelor's 
— in Computer Engineering 
or Engineering with two years of 
experience in job offered or as 
a_Developer/Consultant or 
Software Engineer; Skill set 
AS/400, RPG/400, DB2/400, 
Java, JDBC, WebStudio, IBM 
Websphere and IBM Net Com- 
merce. Excelient Pay and Bene- 
fits. Mail resume to: HR Dept., 
Masfin Consulting Inc., 26 Journal 
Square, Suite 1100, Jersey City, 
New Jersey 07306. 


COMPUTER/IT 

SAP FICO Analyst. (Troy, Ml) 
Req. a Bachelor's degree (or 
higher) or equiv. foreign educ. in 
computer technology, business 
admin or mgmt information 
systems, and 2 yrs.’ experience 
in the job offered or 2 yrs.’ expe- 
rience in design and develop- 
ment of business processes and 
procedures in Financial (Fl) and 
Controlling (CO) modules of SAP 
R/3 version 4.0B (or higher) in 
a repetitive manufacturing envi- 
ronment. All stated experience 
must include general ledger, 
accounts payable, accounts 
receivable, product costing, and 
profitability analysis processes in 
SAP R/3 Fi and CO modules. 
Design and develop business 
processes and procedures, as 
well as educational services for 
enterprise re-engineering pews 
in Fi and CO modules of SAI 
RV/3 version 4.0B (or higher) in a 
repetitive manufacturing envi- 
ronment. Organize data into report 
format according to generally 
accepted accounting principles 
Develop financial processes and 
operational support in SAP R/3 
Fl and CO modules, specifically 
including general ledger, accounts 
Payable, accounts receivable, 
Producti costing, and profitability 
analysis. Develop business 
warehouse reporting processes. 
Manage project deliverables 
40 hrs./wk. 8:00-4:30. Apply with 
resume to Jennifer McKenzie, 
Delphi Corporation, 1450 W. 
Long Lake Road, Troy, Michigan 
48098. EOE. Reference #0113 
when applying. 


COMPUTER/IT 

Technical Team Lead. (Troy, Mi) 
Req. a Bachelor's degree (or 
higher) or equivalent foreign 
education in computer science, 
business admin. with information 
systems concentration, or an eng. 
field, and 2 yrs.’ experience in the 
job offered or 2 yrs.’ experience 
in implementing and configuring 
SAP R/3 H.R. Personnel Admin- 
istration module utilizing Accel- 
erated SAP (ASAP) 

Must have led one full life-cycle 
of SAP R/3 H.R. Personnel 
Administration module imple- 
mentation. Lead development 
activity of functional team en- 
gaged in the implementation and 
Configuration of SAP R/3 H.R 
Personnel Administration module 
over a fuil life-cycle utilizing 
ASAP methodology. Assign 
team members tasks to satisty 
weekly targets established by 
the Managing Team Lead. 40 
hrs./wk. 8:00-5:00. Apply with 
resume to Jennifer McKenzie, 
Delphi Corporation, 1450 W. 
Long Lake Road, Troy, Michigan 
48098. EOE. Reference #0924 
when applying 


Exec Search, Inc. a technology 
consulting firm seeks multiple 
individuals for the following posi- 
tions in our Brookfield, WI office: 


* Programmer/Analyst, utilizing 
Unix/C/C++, ORACLE JAVA, 
Visual C++ 

* System Administrators, utilizing 
Unix 

* Database Administrators, uti- 
lizing ORACLE, ORACLE 
Application, Developer 2000 
(Forms & reports), Designer 
2000. 

* Software Engineers to design 
and develop software systems 
utilizing ORACLE, Developer 
2000 (Forms & reports), 
Designer 2000, and Dataware- 
housing Tools 


Applicants for the above positions 
should possess Bachelor's degree 
or higher in a related discipline, 
as well as relevant IT experience. 
Relocation may be necessary 
depending on the particular 
employment position 


Apply w/ resume to 
Exec Search, Inc. 
C/O ISS 
1300 Bent Creek Boulevard 
Suite 200 
Mechanicsburg, Pennsylvania 
17050 


COMPUTER/IT 

Senior Systems Programmer- 
Mainframe. Rancho Cordova, 
CA: Multiple openings. Provide 
installation and customization 
of hardware and peripherals 
including installation, customiza- 
tion and maintenance of OS/390 
R10 and IBM software/PTF and 
other vendor software's using 
SMP/E. Provide day-to-day sup- 
port for OS/390 R10, CICS and 
other vendor products such as 
CA, Compuware, Candie, Digital, 
and Chicago Soft. install and 
customize UNIX system Ser 
vices (OpenEdition) for OS390. 
Maintain Exit routines. Configure 
IBM Enterprise Storage Server. 
Build a test environment to test 
the process of recovery of pro- 
duction image during a disaster. 
Duties involve working in IBM 
Multiprise 3000 7060 H50 S/390 
based mainframe environment 
running OS/390 and JES2 
and vendor products such as 
Omegamon, CA-7, CA-ACF2, 
CA-1, File-Aid, CA-View, PROJC1, 
and SYNCSORT. Requires: B.S. 
or foreign equivalent in Computer 
Science or related field. EOE 
40hrs/wk. Send resume (no 
calls) to Mr. Jeff DeGroot, Senior 
Technical Recruiter, EdFund 
3300 Zinfandel Drive, Rancho 
Cordova, California 95670. 


NETWORK ASSOCIATES 
currently has opportunities in 
Santa Clara, CA; Los Angeles, 
CA; Beaverton, OR; Rockville, 
MD; Dallas, TX; Herndon, VA; 
Wayne, NJ; Rego Park, NY; 
Oakbrook Terrace, iL, for all 
levels: Software Engineers; 
Quality Assurance Software 
Engineers; Programmer Analysts; 
Database Administrators; Hard- 
ware Engineers; Security Products 
Manager; Sales (all divisions); 
Systems Analysts; Customer 
Support. You may send a resume 
to Network Associates Human 
Resources, 3965 Freedom Circle, 
Santa Ciara, CA 95054, or email 
to jobs @nai.com. www.nai.com. 
EOE 


Database Administrators (Unix, 
Oracle): To design, develop, & 
implement database using 
Designer 2000 & Erwin. Migrate 
databases from SQL-Server to 
Oracle. MS/BS or equiv & rel wk 
exp. Mail resume, ref. & salary 
req: Americus Global Software, 
1900 The Exchange Bidg #200, 


Atlanta, GA 30339. No Walk Ins. 


INFORMATION SYSTEMS 
MANAGER to manage, direct & 
orchestrate all aspects of the 
internal info. systems dept.; 
Assign duties & responsibilities 
to dept. subordinates; Spearhead 
technical initiatives, including 
product & application hosting & 
support; Prepare status reports 
for the Production VP; identify 
system needs & prepare software/ 
systems purchase recommen- 
dations. Require: Master's deg 
in Comp./Mgt. Info. Systems, 
Bus. Admin, or a closely related 
field, w’ 1 yr. of exp. in the job 
offered or in sr. level information 
systems support. Must possess 
a CNA certification or be 
currently enrolled in a CNA cer- 
tification course. Competitive 
salary & benefits. 9-6, M-F. Send 
resume to: Corp. HR, A.D.A.M 
inc., 1600 RiverEdge Parkway, 
Suite 800, Atlanta, GA 30328; 
(No Phone Calls Please) 


Senior Systems Engineer needed 
at Brown & Williamson Tobacco 
Corporation in Macon, GA. Provide 
application & technical support 
for software applications. Main- 
tain documentation within pro- 
ject framework. Perform applica- 
tion enhancements, analysis 
requests & effective technical 
trouble shooting. Must possess 
BS or equiv. in Computer 
Science or Computer info. Sys. 
and 7 yrs. of exp. as a Senior 
Systems Engineer or Program- 
mer/Analyst, including experience 
in the design & development of 
application software systems. 
Will accept MS or equiv. in 
Computer Science or Computer 
Info. Sys. and 2 yrs. of experience 
in lieu of BS+7. Send resume by 
mail to Melissa Harden at 401 S. 
4th Avenue, Ste. 200; Louisville, 
KY 40202-3426. Resumes without 
salary requirements will not be 
considered. Faxes and emails 
will not be responded to. 


SOFTWARE ENGINEER to de- 
sign, develop, impiement, test, 
maintain and support geographic 
information systems (GIS) appli- 
cations using Arc/Info, ArcView, 
Mapinto, AML Programme, ER- 
DAS Imagine, Oracle and C 
under Windows NT and UNIX 
operating systems. Require: M.S. 
degree in Computer Science/ 
Engineering, Geography, or a 
closely related field with two 
years of experience in the job 
offered or as a Programmer/ 
Analyst. Extensive travel on 
assignments to various client 
sites within the U.S. is required 
Competitive salary offered. 
Apply by resume to: Sudhakara 
Ravoori, President, Sai Technical 
Services, inc., 366 Avalon Way, 
Brandon, MS 39047; Attn 
Job JA. 


Jaypar, Inc 
Seeking IT Professionals 


* Software Engineers 
* Application Developers 
* E-Commerce Developers 


Experience and skills in the 
following areas are required: 


Java, J2EE, EJB, XML, Broad- 
Vision, WebLogic, Sun Enterprise/ 
Ultra/Sparc, SQL*Pius, PL/SQL, 
SQL*Loader, Oracle Forms 6i, 
Oracle Reports 6i, Oracle Appli- 
cations viz. Financial, CRM. 


B.E., B.Tech, M.S., MBA, or 
MCA, with good understanding 
of e-commerce systems and 
databases are essential. Three 
years of prior related experience 
& excellent communication & 
presentation skills are a must 
Compensation package includes 
base salary, fully paid health 
insurance. Position(s) require 
frequent travel and/or long-term 
relocation. Send resumes to 
Attn: Human Resources at 3730 
Garand Road, Ellicott City, MD 
21042 


SOFTWARE ENGINEER to 
design, develop, implement, test, 
maintain and support application 
software using Oracle RDBMS, 
Oracle Financials, Oracle Manu- 
facturing, Developer 2000, Oracle 
Order Management, Discoverer, 
PL/SQL, SQL Loader, Java, 
Pro*C, SQL Plus and HTML 
under Windows NT, AIX and 
UNIX operating systems. Re- 
quire: M.S. degree in Computer 
Science/Engineering, or a closely 
related field with two years of 
experience in the job offered 
or as a Programmer/Analyst 
Extensive travel on assignments 
to various client sites within the 
U.S. is required. Competitive 
salary offered. Apply by resume to: 
Sudhakara Ravoori, President, 
Sai Technical Services, inc., 366 
Avalon Way, Brandon, MS 
39047; Attn: Job PT. 


COMPUTER/IT 

Client Developer. Requires a 
bachelor’s degree or equivalent 
foreign education in management 
information systems or an engi- 
neering field and two years of 
experience in the job offered or 
two years of experience in client 
server/web development. All 
stated experience must involve 
applying information services 
project life cycle principles and 
techniques; utilizing structured 
application methodologies; and 
developing various business 
applications using Oracle, Visual 
Basic, SQL, UNIX shell pro- 
gramming, Crystal reports, ASP 
and HTML. 40 hrs./wk. 8:00 a.m. 
~ 5:00 p.m. Apply with resume 
to Mr. Doug Miller, The Scotts 
Company, 14111 Scottsiawn 
Road, Marysville, OH 43041 
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PEOPLE WITH THE FOLLOW- 
ING SKILLS NEEDED FOR 
ASSIGNMENTS THROUGH- 
OUT THE USA. ORACLE 
SYBASE, POWERBUILDER 
AS400, PROGRESS, UNIX 
SYS ADMIN, NATURAL, SQL/ 
SERVER, JAVA, INGRES, 
SAS, VB, HTML. PLEASE 
MAIL RESUME TO DIR 
RECRUITING, Skillsoft Inc., 
20283 State Road 7, Suite 300, 
Boca Raton, FL 33498, U.S.A 
www.skillsoftusa.com 
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Continued from page 1 


Online Trading 


Con Edison has already built 
comprehensive tracking func- 
tions into its trading systems. 
But the systems will likely re- 
quire significant revisions to 
satisfy federal authorities, 
Menella said. 

“We designed it for our own 
purposes, just so we'd have a 
detailed record of what we’ve 
done, not to report it to the 
outside,” Menella said. “That’s 
a different type of system.” For 
example, he said, the systems 
weren't built to identify wash 
trades or potentially question- 
able trades. 

Early last month, Toronto- 
based Ontario Power Genera- 
tion Inc. went live with new 
systems that support the prov- 
ince’s deregulated electricity 
marketplace. 

CIO Dietmar Reiner said he 
now wants to give customers 
better access to data and to re- 
duce paperwork cycles for en- 


Continued from page 1 


Rogue Threats 


nents and systems routinely | 
“sniffs” its facilities in an at- 


tempt to detect rogue APs. 
“We do drive around our 


buildings and see what we can | 


sniff out,” Maiorana said. “If 

we find one, we shut it down.” 
That puts Delphi way ahead 

of many corporations, said 


Chris Kozup, an analyst at Meta | 


Group Inc. in Stamford, Conn. 
Kozup said many companies 
aren’t aware of the security 
problems inherent in unautho- 
rized wireless devices, which 
are usually installed without 


any kind of security. But once 


alerted to the issue, large en- 
terprises that conduct wireless 
LAN audits find as “many as 10 
to 20 rogue APs connected to a 
network,” he said. 

The rogue APs discovered 


| 





ergy traders. But such projects 
could be moved back if On- 
tario Power has to make signif- 
icant systems changes so that it 
can continue to process trades 
with U.S.-based energy compa- 
nies, Reiner added. 

Robert McCullough, an en- 
ergy industry analyst in Port- 
land, Ore., questioned whether 
anyone can design systems 


by Kozup’s clients so far have | 


been installed by employees of 
the companies, but he said IT 
managers also 


installed by outsiders. 


Spotting Rogues 


THE PROBLEM 

= Workers install low-cost wire- 
less LAN access points (AP) on 
enterprise networks without in- 
forming IT departments. 


THE SOLUTION 
® lronclad policies that forbid in- 


stalling APs without IT approval. 


= Physical inspection of LANs to 
locate unauthorized APs. 


= SNMP tools that can detect un- 
authorized network connections. 


= Wireless LAN security tools that 
can conduct signature verification 
and protocol analysis and check 
for traffic anomalies. 


need to be | 
| aware of the threat of “mali- 
cious” rogue APs that could be | 
| less LAN access points to users 
| each month. 








that can properly oversee the 


kind of light-speed transac- | 


tions in online energy trading. 
“What we're discovering is 


the centralized computer mod- | 


eling may have been a weak- 
ness,” McCullough said. 

In order to prevent such 
abuses from taking place, bet- 


ter analytics and improved in- | 


tegration among systems — 


Brian Grimm, a spokesman | 


for the Wireless Ethernet 
Compatibility Alliance trade 
group in Mountain View, Calif. 
estimated that technology ven- 
dors ship about 300,000 wire- 


Bob Black, a corporate sys- 


| tems engineer at networking 
equipment vendor Avaya Inc. | 


in Basking Ridge, N.J., said he 
thinks that up to 5% of those 


| devices, or 15,000 per month, 
| could end up as rogue APs. 


Thor Sigvaldason, director of 


| the advanced technology group | 
| at New York-based Pricewater- 


houseCoopers’ PWC Consult- 
ing division, said, “Any compa- 


| ny with 50 or more employees 


has a pretty good chance” of 
having undetected rogue APs 


on its internal networks. 


Sigvaldason said the prolif- 


| eration of rogue APs has been 
| spawned by the low cost of the 


devices — $200 — along with 





both within a company and be- 
tween business partners — 


will be needed, said James | 


Walker, an analyst at Forrester 
Research Inc. in Cambridge, 
Mass. “I think the demand on 
IT increases,” he said. 

Most energy trading opera- 
tions now process trades in 
overnight batch feeds, Walker 
said. Mirroring a financial ser- 
vices industry initiative, they 
would need to link their trad- 
ing systems with back-end 
credit and accounting appli- 
cations to create straight- 
through processing that pro- 
vides real-time visibility. 

Reiner said the information 
needed to prevent wash trading 
exists but is often divided 
among generation, wholesale 
and distribution companies. 

“We don’t have the visibility 
right now, but we could get a 
good sense of what’s available 
in transmission and generation 
if we needed to find out that in- 
formation,” he said. D 


Reporter Melissa Solomon 
contributed to this report. 


The problem 
is going to get 
| worse before it gets 
better. . . . [Rogue 

APs are] brain-dead 
| easy to install. 


THOR SIGVALDASON, 
PWC CONSULTING 


their ease of installation. “The | 


problem is going to get worse 
before it gets better, as prices 
come down,” he said. “They’re 
brain-dead easy to install.” 

Both Kozup and Sigvaldason 
said deterring the installation 
of rogue APs must start with 
establishing unambiguous pol- 
icies against their use, includ- 
ing the threat that employees 
will be terminated. 

They also advised that com- 
panies need to continuously 
monitor for rogue APs as part 
of their security procedures. D 











Disconnect 

One of the lessons emerging 
from the national energy trading 
scandal is that putting good 
systems in the hands of un- 
scrupulous managers will lead 
to bad deeds. 

James Walker, an analyst at 
Forrester Research, said some 
energy traders were able to ma- 
nipulate systems in ways that 
state and federal regulators 
hadn't envisioned, turning sim- 
ple trades into false revenue 
and ill-gotten profits. “We are 
going to see quite a bit of 
change in the industry as a re- 
sult of this,” he said. 

Government agencies have 
been trying to discern how 
these trading systems work 
once they get off the drawing 
board and into production, said 
Patrick Roach, an attorney at 
the Federal Trade Commission. 

But Robert McCullough, an 
independent analyst in Port- 
land, Ore., warned that better 
technology only makes it easier 
for rule breakers to perfect their 
schemes in some cases. 

“We can't catch up to the 
product - it moves too fast,” he 
said. “How do you propose to 
stop something you can't 
catch?” 

Energy traders in an unregu- 
lated marketplace have been 
forced to build systems that as- 
sess the risks involved in trad- 
ing with other companies, not- 
ed Bob Menelia, a vice presi- 
dent at Con Edison Energy in 
White Plains, N.Y. But Menella 
said traditional mercantile ex- 
changes provide some protec- 
tion and might become the 
model for the future. 

“More protection of the 
trades is not necessarily a bad 
thing, and we might be looking 
at a model where individual 
companies have to work 
through an exchange in order to 
make sure everything's on the 
level,” he said. 

~ Michael Meehan and 
Melissa Solomon 
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California Steamin’ 


EMO TO: California lawmakers, judges, bureaucrats 
and other state workers. Re: That nasty computer 
break-in incident. You know, the one in which pay- 
roll information for all 265,000 full- and part-time 
state employees was compromised by a hacker. The 
one IT people didn’t spot for more than a month, then kept state 
employees in the dark about for almost three weeks after it was dis- 


covered (see story, page 7). 


Of course you’re steamed at the IT people. 
Who wouldn’t be? IT shops have fumbled secu- 
rity breaches before, but never with a quarter- 
million victims. And since you powerful politi- 
cians are among those whose names, Social Se- 
curity numbers and payroll info were hacked, 
you'll hold hearings so you can ask: How did 
this happen? What went wrong? What should 
be done? And who can we blame? 

But you don’t need hearings to find out those 
things. The answers you want are uncomfort- 
ably easy to find — and unpleasantly simple. 

How did this happen? The centralized state data 
center had security holes. Security procedures 
weren't being followed. Patches weren’t being 
applied. A hacker — probably a “script kiddie” 
— discovered the holes as part of an automated 
scan that also turned up 2,569 other vulnerable 
systems. (We know the number because the 
script sent a confirmation to a Lycos e-mail 
account for each system that was successfully 
compromised.) 

It took more than a month — from April 5 to 
May 7 — for IT people to discover the hack. 
When it was discovered, the whole mess was 
turned over to the Sacramento County sheriff’s 
cybercrime task force, which recommended not 
informing anyone about the breach because that 
might hamper a criminal investiga- 
tion. That’s why 265,000 state em- 
ployees stayed in the dark — and 
why they’re so mad now. 

Once the sheriff found and 
searched that Lycos mailbox, he fi- 
nally OK’d lifting the lid. Then all 
265,000 state employees were given 
the phone numbers for credit- 
reporting agencies Equifax, Exper- 
ian and Trans Union and told that 
they were on their own when it 
came to protecting their identities 
and credit ratings. As a result, the 
credit agencies’ phones were 
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swamped, aggravating the agencies, their regu- 
lar customers and California employees who 
still couldn’t get through. 

What went wrong? What didn’t? Security pro- 
cedures weren’t followed, which is how the 
hack happened. There was no advance plan for 
dealing with a security breach, which is how we 
got the ensuing mess. 

No one thought through the implications of 
simply handing over the entire incident to the 
sheriff’s task force. No one went to the top to 
get the boss in the loop. (It didn’t help that Gov. 
Gray Davis — the boss in question — had his 
hands full with another IT-related political de- 
bacle involving an Oracle database purchase at 
the time the breach was discovered.) 

And no one stepped up to handle non-law- 
enforcement issues, like telling the employees, 
dealing with 265,000 possible cases of identity 
theft and handling political fallout. 

What should be done? Security breaches hap- 
pen. There’s got to be a plan for handling them. 
Not just a “throw it in the sheriff’s lap” plan, but 
one that spells out things like who’s to be kept 
informed, when employees will be told, what 
leaders must sign off on any secrecy and which 
individuals are responsible for making sure it 
all gets done. 

And, oh yeah, the security proce- 
dures must be fixed and the holes 
closed. But that’s already been done. 

Who can we blame? The state con- 
troller screwed up. So did the cyber- 
crime task force. And the data cen- 
ter staff. But rolling heads and slash- 
ing budgets won’t improve security. 
Sure, call em on the carpet. Make 
‘em all sweat. Chew ’em out. 

Then, when you're done, put the 
blame in the one place it’ll do some 
good: on the hacker. After all, he’s 
the only one you really don’t want to 
do a better job next time around. D 


| 
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THIS JAIL’S police officers use 
a digital camera for mug shots, 
then pop the camera's floppy 
disk into a PC to paste the image 
into the booking record. When 
one of the secretaries wants to 
“develop” a photo, support pilot 
fish walks her through the 
process of printing it on a black- 
and-white laser printer. But she’s 
not quite satisfied. “After all the 
money we spent on cameras,” 
she says, “it's too bad we can't 
make the pictures print in color.” 


APPRAISAL COMPANY has 
problem with unauthorized after- 
hours use of PCs, so company 
turns on hardware passwords on 
all machines. But a follow-up 
audit turns up an interesting 
point, sysadmin pilot fish says: 
“The user who complained loud- 
est about someone using his PC 
at night leaves his PC on every 
night and a Post-it note with his 
password on his keyboard!” 


DATABASE ADMIN is a self- 


proclaimed “natural at problem- 
solving” who never reads the 


ced 


“Awww, cool- a Web Cam! You should poimt 
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manuals. But when he replaces 
a printer's toner cartridge, it still 
won't print, even after hours of 
tinkering. Next day, support pilot 
fish quickly solves the mystery: 
“He forgot to remove the plastic 
strip that holds the toner in the 
cartridge - like it tells you in the 
manual.” 


CEO OF this Internet bank says 
he’s a big believer in the paper- 
less office. He discourages print- 
ing by putting the single net- 
worked printer on the other side 
of the building and says he 
wants to remove all copiers, 
printers and fax machines soon. 
But apparently not yet, says an 
observant pilot fish: “On the cre- 
denza behind his uncluttered 
desk is a stapler.” 


Feed the shark: sharky@ 
computerworld.com. You 
get a spiffy Shark shirt if we use 
your true tale of IT life. And 
check out the daily feed, browse 
the Sharkives and and sign up 
for Shark Tank home delivery at 
computerworld.com/sharky. 
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rt at something interesting to watch. The 
fich bowl! The fish bowl!” 
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Every day the demands of business get more demanding. Which is why. we designed the new Gateway 600X and 450X notebooks 
around the sophisticated power management of the world’s fastest mobile proc essor: the Mobile Intel Pentium’ 4 Processor-M. Superior 
multimedia and graphic capabilities. Significantly extended battery life. Seamless connectivity. Slim—almost aerodynamic—design 
The new Gateway 600X and 450X notebooks. So slick, theyll make you look good even when they'revclosed. Call us at 1-888-203-4557. 
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Undisputed: the IBM @server pSeries™ 670 running UNIX® costs up to 25% less than the Sun Fire 6800, but 
offers more! Four times more partitions, so you can consolidate more workloads into a single box. And youre free to 
allocate your resources the way you want. Plus the p670 provides support for AIX® 5L (IBM's industrial-strength UNIX OS) 
as well as Linux® partitions and has self-managing, self-healing features via IBM eLiza™ technology. Learn more: go to 
ibm.com/eserver/p670. To talk with a specialist or to locate the nearest IBM Business Partner, call 1 800 426-7777. 


(Mention priority code 102A5006.) Because you've got to come out fighting. © business é the game. Play twin’ 


8-way pSeries 670 server ($319,144.00) versus 8-way Sun Fire 6800 server ($429,795.00). Both systems with 8GB memory, tape, 10/100 Ethernet CD-ROM/DVD-ROM and two 18GB hot-swappable disk drives. Price information 
based on U.S. list prices as of 5/3/02. Prices subject to change without notice. Reseller prices may vary. Sun list price from store.sun.com. IBM, the e-busines: o, AIX, eLiza, pSeries and e-business is the game. Play to win are 
trademarks or registered tradernarks of International Business Machines Corporation. Linux is 4 registered trademark of Linus Torvaids. UNIX is a registered trademark of The Open Group. Other company, product and service names 
may be trademarks or service marks of others. 2002 IBM Corporation. All rights reserved. 





